[Samba] InterDomain Trust Issue w/Server 2003

Andrew Bartlett abartlet at samba.org
Fri Apr 13 23:07:28 GMT 2007 

On Thu, 2007-04-12 at 15:45 -0500, Cody Jarrett wrote:
> I'm having an issue establishing a trust between a samba/ldap PDC and a 
> windows 2003 Active directory server on a seperate domain. Here is what I've 
> done. I've created a 2 way trust in windows with the samba domain. When I try 
> to verify the outgoing trust from windows I get an access denied message. In 
> samba logs I get " get_md4pw: Workstation CATS$: no account in domain" 
> although I've created a trust account on the samba server 
> using 'smbldap-useradd -w CATS' then I do the ldapmodify stuff accourding to 
> the samba interdomain trust howto and set the sambaAcctFlags to "I". 

The way I've always done it for the windows trusts samba case is to
smbpasswd -i -a, and set a password.  Then you put that password into
the windows server.  

I've not done the setup for the other direction, but I understand there
may be some bugs.  

> When I 
> try to do "net rpc trustdom establish CATS" I type the password and 
> get "[2007/04/12 15:43:07, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451)
>   cli_nt_session_open: cli_nt_create failed on pipe \wkssvc to machine CODY1.  
> Error was NT_STATUS_ACCESS_DENIED
> [2007/04/12 15:43:07, 0] utils/net_rpc.c:rpc_trustdom_establish(4672)
>   Couldn't not initialise wkssvc pipe"
> 
> If I type the wrong password, I get "NT_STATUS_LOGON_FAILURE" so I know the 
> password is right. Does anyone have any ideas?

Chatting with tridge around the office, he was trying this out recently,
and thought some things were wrong.  We may well, have some issues (or
at least unclear docs) for the windows-trusts-samba case. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070414/117038c0/attachment.bin

More information about the samba mailing list