[Samba] Samba 3 dms doesn't allow access through interdomain trust

John Little jlittle_97 at yahoo.com
Wed May 18 14:18:07 GMT 2005 

Hello everyone!

I have a little problem:

HRH = trusted domain (Samba 3)
Hendricks = trusting domain (NT4 sp6a)

Trusts are setup between the NT4 and Samba3 + OpenLDAP domain and
appear to be working properly.
When logged into the HRH domain on a W2k workstation I can view,read,
and write on available
shares for HRH groups and users on our Windows file servers.  Whenever
I try to see available
shares on our Samba 3 domain member server I get the prompt for
'Incorrect password or unknown
user name for fp3lb'.  If I put in my Hendricks username and password
it will let me in.

I have gone through the smb.conf(5) man page and tried all the settings
that I could find for
the smb.conf that might help.
So far no luck.

I have included some details and outputs from our setup below.  If
someone could tell me what
I'm missing or where to go look I would appreciate it

Best regards to all,

John Little
Network Engineer
Hendricks Regional Health
http://hendricks.org


Scenario

Samba versions in use:

HRH (trusted Samba 3 domain):
hrhdc01:~ # smbd -V
Version 3.0.10-SerNet-SuSE
hrhdc01:~ #  

Hendricks (trusting NT4 sp6a domain):
fp3lb:/share2 # smbd -V
Version 3.0.11-SerNet-SuSE
fp3lb:/share2 # 

NT4 sp6a Domain = Hendricks

Samba 3 OpenLDAP Domain = HRH

The interdomain trusts are setup:

>From the NT4 domain using a Samba 3 domain member server (fp3lb):
fp3lb:~ # net rpc trustdom list -U jslittl
Password:
Trusted domains list:

HRH                 S-1-5-21-1418864132-1159184377-506600700

Trusting domains list:

HRH                 S-1-5-21-1418864132-1159184377-506600700
fp3lb:~ #

>From the Samba OpenLDAP domain (HRHDC01, domain controller)
hrhdc01:~ # net rpc trustdom list
Password:
Trusted domains list:

HENDRICKS           S-1-5-21-1606818979-933581049-1307212239

Trusting domains list:

HENDRICKS           S-1-5-21-1606818979-933581049-1307212239
hrhdc01:~ #

getent password snippet from the Samba dms on the Hendricks (trusting
domain):

ymculpe:x:12084:10003:Culpepper,
Yvonne:/home/HENDRICKS/ymculpe:/bin/bash
ypmayer:x:12085:10003:Mayer Yvonne:/home/HENDRICKS/ypmayer:/bin/bash
ysbrown:x:12086:10003:Brown, Yong S.:/home/HENDRICKS/ysbrown:/bin/bash
zgeorg:x:12087:10003:George, Zachary:/home/HENDRICKS/zgeorg:/bin/bash
ztlcordet:x:12088:10003:ZZCordes,
Theresa:/home/HENDRICKS/ztlcordet:/bin/bash
HRH+administrator:x:12372:10149:Administrator:/home/HRH/administrator:/bin/bash
HRH+nobody:x:12373:10149:nobody:/home/HRH/nobody:/bin/bash
HRH+root:x:12364:10149:root:/home/HRH/root:/bin/bash
HRH+jslittl:x:12363:10149:john little:/home/HRH/jslittl:/bin/bash


ACLs are working on the Samba dms for the HRH (trusted) domain:
fp3lb:/share2 # setfacl -R -m u:"HRH+jslittl":rwx test
fp3lb:/share2 # getfacl test
# file: test
# owner: jslittl
# group: infosys1
user::rwx
user:HRH+jslittl:rwx
group::rwx
mask::rwx
other::r-x

fp3lb:/share2 # 

Mounting a share on a Windows (Hendricks, trusting domain) file server
from the HRHDC01 (HRH domain controller)
hrhdc01:~ # smbmount //newexchange/Documents /tmp/d01 -o
username=HRH\\jslittl
Password:
hrhdc01:~ # l /tmp/d01
total 954
drwxr-xr-x   1 root root   4096 May 18 08:53 ./
drwxrwxrwt  16 root root    480 May 18 08:45 ../
-rwxr-xr-x   1 root root  98304 Jun 16  2004 Info Mgt Pln 05-01-16-04
Drft.doc*
-rwxr-xr-x   1 root root 221240 May 27  2004 STAFF.pdf*
-rwxr-xr-x   1 root root 146412 May 27  2004 VISITOR  VOLUNTEER.pdf*
drwxr-xr-x   1 root root   4096 Nov  9  2004 _vti_cnf/
-rwxr-xr-x   1 root root  16058 May 18  2005 devotions.pdf*
-rwxr-xr-x   1 root root 202772 Mar  9 10:52 devotions.pdf.old*
-rwxr-xr-x   1 root root  80364 Jul 13  2004 menu.002*
-rwxr-xr-x   1 root root  61289 May 10 12:56 menu.pdf*
-rwxr-xr-x   1 root root  58940 Jul 19  2004 next.002*
-rwxr-xr-x   1 root root  80848 May 17 11:20 next.pdf*
hrhdc01:~ #

Attempting to mount a share on the Samba 3 (Hendricks, trusting
domain)file server from the HRHDC01 (HRH domain controller)
hrhdc01:~ # smbumount /tmp/d01/
hrhdc01:~ # smbmount //cluster1/test /tmp/d01 -o username=HRH\\jslittl
Password:
7159: session setup failed: ERRDOS - ERRnoaccess
SMB connection failed
hrhdc01:~ # l /tmp/d01
total 1
drwxr-xr-x   2 root root  48 May 18 04:06 ./
drwxrwxrwt  16 root root 480 May 18 09:00 ../
hrhdc01:~ #



		
Discover Yahoo! 
Get on-the-go sports scores, stock quotes, news and more. Check it out! 
http://discover.yahoo.com/mobile.html

More information about the samba mailing list