[Samba] Trust relationship between two samba with ldap backend

John H Terpstra jht at samba.org
Tue Sep 21 15:53:19 GMT 2004

On Tuesday 21 September 2004 08:33, Gustavo Lima wrote:
>         Hi All,
> I'm working hard on understanding how to make a trust relationship work between
> two samba servers with ldap backend.
> In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap
> 2.1.30. I joined each other domain with both machines. In the first one
> (DOM1) I created the machine account with the command smbldap-useradd -a -i
> DOM2 and set its password. Did the same on the second box with
> smbldap-useradd -a -i DOM3. The strange thing is that these trust domain
> accounts don't have the $ symbol in front of them.
> Next I've tried to add the trusting in DOM1 using the command "net rpc
> trustdom add DOM2 123" and retyped the password. And did with DOM2 "net
> rpc trustdom add DOM1 654" and retyped the password.
> And then I tried to establish the trust relationship in DOM1 doing "net rpc
> trustdom establish DOM2" typed the password 654 and got the following
> error:
> [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
>   Couldn't verify trusting domain account. Error was NT_STATUS_OK
> Did the same on DOM2 and got the same error.
> Does anybody have a clue of what I'm doing wrong?

First, before setting up the trust relationship, you need to join each Samba 
server to its own domain.

	net rpc join

Then the setting up of the trust should work.

- John T.

> Thank you all.
> Gustavo

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
