[Samba] samba 3 with ads not authenticating against ADS trusts

Greg Adams gadams at gmail.com
Thu Oct 7 17:42:52 GMT 2004

I've got a samba 3 ads domain member server that is not able to
authenticate users in trusted domains of the ADS domain of which it is
a member.

Windows 2000 ADS PDC A trusts a Windows NT-4 domain B and a Windows
2000 ADS domain C
Solaris 9 Samba 3.0.6 member server of ADS domain A

If I use getent passwd on the Solaris 9 server, I get all the users in
Domain A and B , but no in Domain C, same thing with getent group,
wbinfo -u and wbinfo -g.

So winbindd is not "seeing" the users and groups on one of the trusted
domains... and if I try to map a share from a Windows XP client, using
one of the users in the domain winbindd CAN "see", I'm getting errors
in log.smbd.

[2004/10/07 09:27:29, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
[2004/10/07 09:27:29, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [domBuser] ->
[domBuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/10/07 09:27:31, 2] smbd/server.c:exit_server(571)
  Closing connections

domBuser is a member of the NT4 domain, domain B, which winbind lists
in getent and wbinfo, but I can't map using those users.

Any ideas?

Greg Adams

More information about the samba mailing list