[Samba] Trust relationship between two samba with ldap backend

John H Terpstra jht at samba.org
Tue Sep 21 18:14:37 GMT 2004


On Tuesday 21 September 2004 11:29, Gustavo Lima wrote:
> John,
>
> Thanks for answering, but still the same problem. I think it is better for us
> to go step by step.
>
> Well, I joined the remote domain and the local domain with the net rpc join
> command. Then after I tried to create the machine account with the command
> net rpc trustdom add DOM2 654. Then I'm asked for another password:
>
> dom1:~# net rpc trustdom add DOM2 654
> Password:

Before you do this, use the smbldap-useradd tool to create the trust account. 
Then set a password on it. That is the one you need to use.

- John T.

>
> What password is this one asked after the command? Anything I put there
> doesn't give me an error but doesn't give me a successful output later on
> "net rpc trustdom list". Still giving me "none" in trusting and trusted
> domains list. So I think before trying to reach the end, I should have to
> make a trusting domains add successful.
>
> Can you tell me where is good docs about it or give me a step by step
> configuration?
>
> Thanks once again.
>
> Gustavo
> ----- Original Message -----
> From: "John H Terpstra" <jht at samba.org>
> To: <samba at lists.samba.org>
> Sent: Tuesday, September 21, 2004 12:53 PM
> Subject: Re: [Samba] Trust relationship between two samba with ldap backend
>
> On Tuesday 21 September 2004 08:33, Gustavo Lima wrote:
> >         Hi All,
> >
> > I'm working hard on understanding how to make trust relationship work
> > between two samba servers with ldap backend.
> >
> > In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap
> > 2.1.30. I joined each other domain with both machines. In the first one
> > (DOM1) I created the machine account with the command
> > smbldap-useradd -a -i DOM2 and set its password. Did the same on the second
> > box with smbldap-useradd -a -i DOM3. The strange thing is that these trust
> > domain accounts don't have the $ symbol in front of them.
> >
> > Next I've tried to add the trusting in DOM1 using the command "net rpc
> > trustdom add DOM2 123" and retyped the password. And did with DOM2 "net
> > rpc trustdom add DOM1 654" and retyped the password.
> >
> > And then I tried to establish the trust relationship in DOM1 doing "net rpc
> > trustdom establish DOM2" typed the password 654 and got the following
> > error:
> >
> > [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
> >   Couldn't verify trusting domain account. Error was NT_STATUS_OK
> >
> > Did the same on DOM2 and got the same error.
> >
> > Does anybody have a clue of what I'm doing wrong?
>
> First, before setting up the trust relationship, you need to join each
> Samba server to its own domain.
>
> net rpc join
>
> Then the setting up of the trust should work.
>
> - John T.
>
> > Thank you all.
> >
> > Gustavo
>
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> OpenLDAP by Example, ISBN: 0131488732
> Other books in production.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.

