[Samba] Domain trusts (Again)

Doug Curtis doug.curtis at world-mail.org
Wed Oct 6 15:46:25 GMT 2004 

rruegner wrote:

> Doug Curtis schrieb:
>
>> I hope someone can answer this since my other emails have gone 
>> unanswered.
>>
>> I am using Samba 3.0.7 on both machines and am using LDAP.  I believe 
>> that the trusts are working but I am still having a slight problem.
>>
>> I guess we'll use DOM1 and DOM2 for the domain names.  DOM2 is 
>> trusting DOM1.  If a DOM1 user tries to locally login to a DOM1 
>> computer, it gives a "System could not log you on." error.  I noticed 
>> in the logs that it is trying to create a user with the same name but 
>> it is getting this error:
>> "Error: modifications require authentication at 
>> /usr/local/sbin///smbldap_tools.pm line 885, <DATA> line 283."
>>
>> If I manually create a user in DOM1 with the same username, it will 
>> then let the user in DOM2 login.
>> Is this how the trust is supposed to work?  The user has to have a 
>> posix account in both domains?
>>
>> Also, if a user is logged into DOM1 and browses to the DOM2 server, 
>> the DOM2 server automatically creates a posix account for that user, 
>> thus letting that person login locally to DOM2 from then on.  It 
>> seems as though it is able to create the posix account it needs when 
>> browsing but not when a user tries to login locally for the first time.
>>
>> I hope this makes some sense to someone.
>>
>> Thanks,
>>
>> Doug
>>
>>
>>
> I guess yor trust is not working in the right way so , the pdc
> tries to create a temp account with ldap tools ( which fails )

Ahh, I hoped that this wouldn't be the proper way for trusts to work.  
Otherwise, what's the point of trusts?  I've used NT4 trusts before and 
didn't have a problem with those.

> If you have 2 domains with different ldap servers , every domain
> must have her own complete accounts cause they acting as complete
> different system , as far i know the trust is only handeled by hashes 
> through the pdcs and given to the clients longing that hash that there 
> is now a trusted domain.Perhaps some of the gurus will help you 
> out,but theres also good doku in the samba faqs
> Regards

Yep, that's how I have things setup.  Well, I guess I'll keep searching 
or hopefully someone can shed some light on this.

Thanks for your reply,

Doug

More information about the samba mailing list