[Samba] Trust not working - long
Gustavo Lima
listas at opendf.com.br
Tue Oct 19 14:26:45 GMT 2004
Hi All,
I have a network with 23 PDCs. One in my main building and other 22 all over the country connected over 256k Frame-relay links.
Well, these 22 PDCs trust and are trusted by my main PDC, and vice versa. I was using Windows WINS on NT4 with replication at each site, but while trying to solve my problem I'm now using a single box dedicated to running WINS on Samba.
All the problems begin when I try to map or connect to a trusted machine on a remote node. I see three kinds of situations.
1. The trust works fine.
2. The remote machine asks me for a password to log in, as if there were no trust.
3. The remote machine sends back an error saying there's no trust between my personal machine and the remote host.
Doing the same thing at the remote node trying to map or connect to a Windows or Samba server here in the main facility gives us the same three problems.
Another curious thing is that sometimes you can map some servers and not others.
The servers I'm trying to map are Windows and Samba, and the problem occurs on both.
The confs are all the same and the network conditions too. The old NT4 PDCs are still connected to the network as BDCs, as we can't take them off the network. Where possible we are demoting them to member servers, but this could be done in only one remote node. Even the main facility has its old PDC running as a BDC.
One more important piece of information: when I create my trust I always get:
Could not connect to server SERVERB
Trust to domain DOMAINB established
On Saturday all the trusts seemed to work fine, but on Monday it became chaos.
Here is a sample conf of my servers:
I would appreciate any help so it can save my skin.
Regards,
Gustavo
# Global parameters
# smb.conf of the main-site Samba PDC as posted in this message. Lines marked
# NOTE(review) are reviewer annotations, not part of the original post.
[global]
workgroup = COMPANY
netbios name = mainserver
# NOTE(review): set in [global], this applies to every share: members of
# "Domain Admins" perform all file operations as root on any share they open.
admin users= @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 6
obey pam restrictions = No
ldap passwd sync = Yes
# NOTE(review): level 1 records very little about authentication; raising it
# temporarily while reproducing a failing trusted logon gives more to work with.
log level = 1
syslog = 100
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# NOTE(review): WINS is tried first and broadcast is not listed, so finding
# the PDC of a trusted domain across the WAN depends on what is registered in
# the WINS server set below. The "Could not connect to server" message shown
# when the trust is created is worth checking against WINS first (TODO confirm).
name resolve order = wins lmhosts host
idmap backend = ldap:ldap://127.0.0.1
remote announce = 10.11.255.255 10.21.255.255 10.31.255.255 10.41.255.255 10.51.255.255 10.61.255.255 10.71.255.255 10.81.255.255 10.91.255.255 10.101.255.255 10.111.255.255 10.121.255.255 10.131.255.255 10.141.255.255 10.151.255.255 10.161.255.255 10.171.255.255 10.181.255.255 10.191.255.255 10.201.255.255 10.211.255.255 10.221.255.255 10.231.255.255
remote browse sync = 10.11.255.255 10.21.255.255 10.31.255.255 10.41.255.255 10.51.255.255 10.61.255.255 10.71.255.255 10.81.255.255 10.91.255.255 10.101.255.255 10.111.255.255 10.121.255.255 10.131.255.255 10.141.255.255 10.151.255.255 10.161.255.255 10.171.255.255 10.181.255.255 10.191.255.255 10.201.255.255 10.211.255.255 10.221.255.255 10.231.255.255
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
# This server is the domain controller and domain master browser for COMPANY.
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
# A single WINS server is configured; all NetBIOS name lookups rely on it.
wins server = 10.1.0.61
# NOTE(review): two account backends are listed, smbpasswd first. Confirm
# which one holds the interdomain trust accounts and the machine accounts, so
# that a stale smbpasswd entry is not answering instead of LDAP.
passdb backend = smbpasswd ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=admin,dc=company,dc=com,dc=br
ldap suffix = dc=matriz,dc=company,dc=com,dc=br
ldap group suffix = ou=grupos
ldap user suffix = ou=usuarios
ldap machine suffix = ou=maquinas
ldap idmap suffix = ou=Idmap
# NOTE(review): LDAP is spoken without TLS. Both LDAP URIs in this file point
# at 127.0.0.1, so the admin bind and the password hashes stay on the loopback
# interface; if the directory ever moves to another host, switch this to
# "start tls" before doing so.
ldap ssl = no
# The account-management scripts below are run as root by smbd, with %u / %g
# replaced by the user, machine or group name taken from the request.
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
# NOTE(review): a logon with an unknown user name is not rejected but mapped
# to the guest account above. Together with the "guest ok" shares in this file
# that gives access without credentials, and it may hide a failing
# trusted-domain logon behind a guest session (TODO confirm in the logs).
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
# Per-user home directories, created on demand and hidden from browse lists.
# NOTE(review): there is no "valid users = %S" here, so whether one
# authenticated user can open another user's home share is decided only by the
# Unix permissions; the masks below create world-readable files (0644) and
# group-writable directories (0775).
[homes]
comment = Pasta pessoal de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No
# Logon share. [global] sets "logon script = logon.bat", which clients fetch
# from here, so the directory is exported read-only.
# NOTE(review): the scripts run on every workstation at logon; keep Unix write
# access to /home/netlogon/ limited to administrators.
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
# Roaming profile store; new files and directories are owner-only (0600/0700).
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
# NOTE(review): guest access on a roaming-profile share is unusual. The
# "valid users" line below probably still limits who can connect, but confirm
# that guest access is really needed here.
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
# NOTE(review): "Domain Admins" has no @ prefix here, unlike the "admin users"
# and "printer admin" settings elsewhere in this file; confirm this Samba
# version resolves it as a group rather than as a user name.
valid users = %U "Domain Admins"
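# Print spool share for all printers loaded from the printcap.
# "printable" appeared twice in the posted section with the same meaning; it is
# listed once here so the effective value does not depend on duplicate-key
# handling.
[printers]
comment = Network Printers
printer admin = @"Print Operators"
# Guest sessions may submit print jobs. With "map to guest = Bad User" in
# [global], that includes connections that supplied an unknown user name.
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
# NOTE(review): [global] sets "printing = cups"; confirm whether these
# lpr-style commands are actually used by this build or are ignored.
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j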
# Printer driver share: no guest access, writable only by "Print Operators".
# NOTE(review): "valid users" also restricts who can connect at all to
# "Print Operators"; ordinary users who need to download drivers from this
# share would be refused. Confirm that is intended.
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
# Public scratch share, browseable and writable.
# NOTE(review): "guest ok = Yes" with "read only = No", combined with
# "map to guest = Bad User" in [global], lets anyone who can reach the server
# write here without credentials. Files are then owned by the guest account
# (nobody) and created group-writable (0664/0775).
[public]
comment = Pasta publica
path = /home/public
browseable = Yes
guest ok = Yes
read only = No
directory mask = 0775
create mask = 0664