[Samba] Re: Trust between two samba domains
Igor Belyi
sambauser at katehok.ac93.org
Thu Oct 14 16:56:45 GMT 2004
Please, read carefuly Samba doc regarding Interdomain Trust:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
Interdomain trust implies that one Domain will trust another that a user
logged into it correctly. Your assumption that user from one Domain
should be able to login into another is incorrect. Users from DomainA
should login into DomainA but will be able to use resources of the
DomainB if DomainB trust DomainA.
Hope it helps,
Igor
Šopík Bronislav wrote:
> Hi,
> I posted my problem to list but nobody answerd me. I have found a solution of
> netsamlogon_cache.tdb but still I have a problem with authentication. I have
> changed a smb.conf files.
> servera:
> [global]
> workgroup = DOMAINA
> netbios name = SERVERA
> security = user
> passdb backend = smbpasswd
> local master = yes
> domain logons = yes
> os level = 33
> domain master = yes
> preferred master = yes
> log level = 3
> allow trusted domains = yes
> wins support = yes
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> read only = yes
> [Documents]
> comment = Dokumenty
> path = /export/documents
> writeable = yes
> browseable = yes
> guest ok = yes
>
>
> serverb:
> [global]
> workgroup = DOMAINB
> netbios name = SERVERB
> security = user
> passdb backend = smbpasswd
> local master = yes
> domain logons = yes
> os level = 33
> domain master = yes
> preferred master = yes
> log level = 3
> allow trusted domains = yes
> wins support = yes
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> read only = yes
> [Documents]
> comment = Dokumenty
> path = /export/documents
> writeable = yes
> browseable = yes
> guest ok = yes
>
>
>
> loga:
> [2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
> api_rpcTNP: rpc command: NET_SAMLOGON
> [2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
> SAM Logon (Interactive). Domain:[DOMAINA]. User:[bronasek at XP1] Requested
> Domain:[DOMAINB]
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219)
> check_ntlm_password: Checking password for unmapped user
> [DOMAINB]\[bronasek]@[XP1] with the new password interface
> [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222)
> check_ntlm_password: mapped user is: [DOMAINB]\[bronasek]@[XP1]
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
> rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
> [2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376)
> Connecting to host=SERVERB
> [2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752)
> Connecting to 192.168.100.11 at port 445
> [2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114)
> User bronasek does not exist, trying to add it
> [2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122)
> make_server_info_info3: pdb_init_sam failed!
> [2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312)
> check_ntlm_password: Authentication for user [bronasek] -> [bronasek] FAILED
> with error NT_STATUS_NO_SUCH_USER
> [2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
> free_pipe_context: destroying talloc pool of size 6274
> [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
> writeX-IPC pnum=73cc nwritten=336
> [2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092)
> Transaction 39 of length 63
> [2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887)
> switch message SMBreadX (pid 10156) conn 0x83d8040
> [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
> readX-IPC pnum=73cc min=1024 max=1024 nread=96
>
> logb:
>
> [2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
> SAM Logon (Network). Domain:[DOMAINB]. User:[bronasek@\\XP1] Requested
> Domain:[DOMAINB]
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(219)
> check_ntlm_password: Checking password for unmapped user
> [DOMAINB]\[bronasek]@[XP1] with the new password interface
> [2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(222)
> check_ntlm_password: mapped user is: [DOMAINB]\[bronasek]@[XP1]
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(268)
> check_ntlm_password: sam authentication for user [bronasek] succeeded
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [bronasek] -> [bronasek] ->
> [bronasek] succeeded
> [2004/10/13 16:17:06, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
> free_pipe_context: destroying talloc pool of size 4844
> [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
> Transaction 10 of length 45
> [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
> switch message SMBclose (pid 8110) conn 0x83d7328
> [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
> Transaction 11 of length 43
> [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
> switch message SMBulogoffX (pid 8110) conn 0x0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/reply.c:reply_ulogoffX(1255)
> ulogoffX vuid=100
> [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
> Transaction 12 of length 45
> [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
> switch message SMBclose (pid 8110) conn 0x83d7328
> [2004/10/13 16:17:06, 2] smbd/uid.c:change_to_user(219)
> change_to_user: Invalid vuid used 100 in accessing share IPC$.
> [2004/10/13 16:17:06, 3] smbd/error.c:error_packet(145)
> error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91
> [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
> Transaction 13 of length 39
> [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
> switch message SMBtdis (pid 8110) conn 0x83d7328
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/service.c:close_cnum(837)
> 192.168.100.10 (192.168.100.10) closed connection to service IPC$
> [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69)
> Yielding connection to IPC$
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 3] smbd/process.c:timeout_processing(1332)
> timeout_processing: End of file from client (client has disconnected).
> [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/10/13 16:17:06, 2] smbd/server.c:exit_server(571)
> Closing connections
> [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69)
> Yielding connection to
> [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(76)
> yield_connection: tdb_delete for name failed with error Record does not
> exist.
> [2004/10/13 16:17:06, 3] smbd/server.c:exit_server(614)
> Server exit (normal exit)
>
> Please don't you know what can I try???
>
> Besr regards, Sopik Bronislav
>
>
>
>
> Citace z emailu od rruegner <robert at ruegner.org>:
>
>
>>Hi netsamlogon_cache.tdb
>>must exist usally under /var/lib/samba
>>if it isnt i guess your samba packs arent well compiled
>>try to touch it so that it exist
>>
>
> this tdb file as well as other ones needs to be there
>
>>to proper funktion, unfortunally
>>i don t know if this one is craeted at compile-start-or establish trust
>>time but it must exist.
>>for this tdbs there is no reference to the smb.conf they must simply
>>exist cause they are hard coded and created to compile
>>which samba version/packs and linux distro do you use ?
>>maybe netsamlogon_cache.tdb is there and simply needs a chmod to access
>>write.
>>Perhaps you should post this to the list
>>cause it seems that your confs are now well enough that here is the
>>failure , the gurus will easily interpret this failure and can help you out
>>Regards
>>
>>Šopík Bronislav schrieb:
>>
>>>Hi,
>>>yes I have looked on this pages and now I change the smb.conf files on
>>
>>both
>>
>>>servers but I when I try logon computer from domaina as user for domainb,
>>
>>the
>>
>>>log in serverb wrotes me that a authentication was succeded but the
>>
>>servera
>>
>>>wrotes me this:
>>>[2004/10/11 17:51:02, 0]
>>>libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
>>>netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
>>>[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
>>>check_ntlm_password: Authentication for user [abc] -> [abc] FAILED with
>>>error NT_STATUS_NO_SUCH_USER
>>>
>>>and i don't uderstand them, netsamlogon_cache.tdb I have not fined on
>>
>>server.
>>
>>>Here are my smb.conf:
>>>[global]
>>> workgroup = DOMAINA
>>> netbios name = SERVERA
>>> security = user
>>> passdb backend = tdbsam:/var/lib/samba/passdb.tdb
>>> local master = yes
>>> domain logons = yes
>>> os level = 33
>>> domain master = yes
>>> preferred master = yes
>>> log level = 3
>>> allow trusted domains = yes
>>>winbind separator = +
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>>[netlogon]
>>> comment = Network Logon Service
>>> path = /var/lib/samba/netlogon
>>> read only = yes
>>>[Documents]
>>> comment = Dokumenty
>>> path = /export/documents
>>> writeable = yes
>>> browseable = yes
>>> guest ok = yes
>>>
>>>
>>>[global]
>>> workgroup = DOMAINB
>>> netbios name = SERVERB
>>> security = user
>>> passdb backend = tdbsam:/var/lib/samba/passdb.tdb
>>> local master = yes
>>> domain logons = yes
>>> os level = 33
>>> domain master = yes
>>> preferred master = yes
>>> log level = 3
>>> allow trusted domains = yes
>>>winbind separator = +
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>>[netlogon]
>>> comment = Network Logon Service
>>> path = /var/lib/samba/netlogon
>>> read only = yes
>>>[Documents]
>>> comment = Dokumenty
>>> path = /export/documents
>>> writeable = yes
>>> browseable = yes
>>> guest ok = yes
>>>
>>>Need I a winbind for authenticate user from other domain or no???
>>>
>>>Thank you, Sopik Bronislav
>>>
>>>
>>>Citace z emailu od rruegner <robert at ruegner.org>:
>>>
>>>
>>>
>>>>Hi,
>>>>did you look here
>>>>http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
>>>>special here
>>>>
>>>
>>>
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
>
>>>>and here
>>>>http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
>>>>
>>>>netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write
>>>>is this file existing?
>>>>
>>>>Regards
>>>>
>>>>Šopík Bronislav schrieb:
>>>>
>>>>
>>>>>Hi,
>>>>>
>>>>>great next step. I change the security on both servers to user. Now is
>>
>>my
>>
>>>>>configuration:
>>>>>Servera:
>>>>>[global]
>>>>> workgroup = DOMAINA
>>>>> netbios name = SERVERA
>>>>> security = user
>>>>> passdb backend = tdbsam:/var/lib/samba/passdb.tdb
>>>>>encrypt passwords = true
>>>>>local master = yes
>>>>> domain logons = yes
>>>>> os level = 33
>>>>> domain master = yes
>>>>> preferred master = yes
>>>>> dns proxy = no
>>>>> log level = 3
>>>>> allow trusted domains = yes
>>>>> wins support = yes
>>>>>[netlogon]
>>>>> comment = Network Logon Service
>>>>> path = /home/samba/netlogon
>>>>> guest ok = yes
>>>>>
>>>>>Serverb:
>>>>>[global]
>>>>> workgroup = DOMAINB
>>>>> netbios name = SERVERB
>>>>> security = user
>>>>> passdb backend = tdbsam:/var/lib/samba/passdb.tdb
>>>>>encrypt passwords = true
>>>>>local master = yes
>>>>> domain logons = yes
>>>>> os level = 33
>>>>> domain master = yes
>>>>> preferred master = yes
>>>>> dns proxy = no
>>>>> log level = 3
>>>>> allow trusted domains = yes
>>>>> wins server = 192.168.100.10
>>>>>[netlogon]
>>>>> comment = Network Logon Service
>>>>> path = /home/samba/netlogon
>>>>> guest ok = yes
>>>>>
>>>>>but I have still some problems, my log gives me:
>>>>>
>>>>>[2004/10/11 17:51:02, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
>>>>> SAM Logon (Interactive). Domain:[DOMAINA]. User:[abc at XP1] Requested
>>>>>Domain:[DOMAINB]
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>>>>> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>>>>>[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
>>>>> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>>>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>>>>> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>>>>>[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(219)
>>>>> check_ntlm_password: Checking password for unmapped user
>>>>>[DOMAINB]\[abc]@[XP1] with the new password interface
>>>>>[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(222)
>>>>> check_ntlm_password: mapped user is: [DOMAINB]\[abc]@[XP1]
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>>>>> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>>>>>[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
>>>>> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>>>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>>>>> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>>>>> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>>>>>[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
>>>>> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>>>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>>>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>>>>> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>>>>>[2004/10/11 17:51:02, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
>>>>> rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
>>>>>[2004/10/11 17:51:02, 3] libsmb/cliconnect.c:cli_start_connection(1376)
>>>>> Connecting to host=SERVERB
>>>>>[2004/10/11 17:51:02, 3] lib/util_sock.c:open_socket_out(752)
>>>>> Connecting to 192.168.100.11 at port 445
>>>>>[2004/10/11 17:51:02, 3] auth/auth_util.c:make_server_info_info3(1114)
>>>>> User abc does not exist, trying to add it
>>>>>[2004/10/11 17:51:02, 0] auth/auth_util.c:make_server_info_info3(1122)
>>>>> make_server_info_info3: pdb_init_sam failed!
>>>>>[2004/10/11 17:51:02, 0]
>>>>
>>>>libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
>>>>
>>>>
>>>>> netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
>>>>>[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
>>>>> check_ntlm_password: Authentication for user [abc] -> [abc] FAILED
>>
>>with
>>
>>>>error
>>>>
>>>>
>>>>>NT_STATUS_NO_SUCH_USER
>>>>>
>>>>>I am getting to crazy. Please where is a pdc faqs on www.samba.org I have
>>>>
>>>>fined
>>>>
>>>>
>>>>>only a documentation.
>>>>>
>>>>>Best regards, SopiK Bronislav
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>hi,
>>>>>>Cannot use ntdomain auth method
>>>>>>when not a member of a domain.
>>>>>>
>>>>>>it seems your trust is not working , so the user is not recognized
>>>>>>as a domain member
>>>>>>cause of security = DOMAIN
>>>>>>which is total false , both servers have to be configured as pdcs which
>>
>>is
>>
>>>>>>security = user
>>>>>>read the pdc faqs
>>>>>>Regards
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>
>
>
More information about the samba
mailing list