[Samba] Samba LDAP PDC, BDC + Shared Interdomain Trust secret

Robert Kelly robert.kelly at ebimed.com
Fri May 6 17:53:06 GMT 2005

Hi there,
I have a Samba PDC and BDC migrated from NT4 using ldapsam with an
interdomain trust to a 2k3 domain. The trust is established both ways
and was made from the pdc. Using samba 3.0.14a-sernet on Suse 9.1

The trust is working. I can pull users from the trusted domain and apply
them to acls on my samba DMS. Winbind adds the idmap entry correctly.
What is not working, is authentication from the w2k3 domain to our bdc.
If I browse to \\pdc\netlogon from the w2k3 domain I can view the share
and files, when browsing to \\bdc\netlogon a password box pops up.
The netlogon share definition and permissions are identical on both dcs.

The trusts are both visible on both the pdc and bdc using net rpc
trustdom list, however, doing a wbinfo -m on the bdc only lists the
BUILTIN domain whereas on the pdc it lists BUILTIN and our trusted
domain. Doing wbinfo --sequence on the pdc lists BUILTIN, OURDOMAIN and
W2K3DOMAIN and on the bdc it lists only BUILTIN and OURDOMAIN.
Incidentally, W2K3DOMAIN will show 'DISCONNECTED' sometimes as its output
from wbinfo --sequence.

The difference I can see between the two is that the pdc has an entry in
its secrets.tdb for "SECRETS/$DOMTRUST.ACC/W2K3DOMAIN" and the bdc does
1) Shouldn't the bdc also have this information?
2) Shouldn't that information be stored in LDAP?
3) Is the sambaTrustPassword object class used for this, if so how?

On another LDAP note,
Should the sambaLogonTime be updated when a user logs on?


