[Samba] Samba 3.x and PCNetLink domain trusts

Damian Lock (SSCI) Damian.Lock at ssci.com
Thu Apr 26 19:00:08 GMT 2007

I am trying to establish a domain trust between a Samba 3.024 domain and
a PC Netlink 2.0 domain.

Currently, we are using PC Netlink as our primary Windows file server
and "NT4" domain controller. (Let's say that the domain is called LEGACY
and the domain controller LX1.) Windows 2003 servers are unable to
join a PC Netlink domain (even with the SignOrSeal option disabled).
For this and other reasons, the eventual goal is to drop PC Netlink in
favor of Samba. In the interim, I would like to make resources on
Windows 2003 machines available to users without a duplicate set of
accounts being required.

To this end, I configured a Samba 3.024 domain "SAMBA" with a machine
called SMB1. I can add Windows 2003 servers to this domain. I then
tried to establish trusts. (Actually, I only need the SAMBA domain to
trust the LEGACY domain.)


I tried the following to have the LEGACY domain trust the SAMBA domain:
On SMB1:
	#useradd legacy$
	#smbpasswd -a -i legacy 
On a Windows 2000 server in the LEGACY domain, I used the NT4 User
Manager for Domains tool to add the SAMBA domain as a trusted domain,
which seemed to work. I then added my SAMBA user account to the local
users group of the Windows 2000 machine. However, when I try to log in
as that user, I get the following message:

"the system cannot log you on now because the domain e2k is not

The event log on the PC Netlink server shows:

"no domain controller is available for E2K for the following reason:
There are currently no logon servers available to service the logon


I have also tried to have the SAMBA domain trust the LEGACY domain.

On the Windows 2000 server in the LEGACY domain, with the User Manager
for Domains tool, I listed SAMBA as a trusting domain. Then, on SMB1:

	smb1# net rpc trustdom establish legacy
	Could not connect to server LX1
	Trust to domain LEGACY established

On the Windows 2003 server in the SAMBA domain, I attempt to add users
from the LEGACY domain to the local users group. I go to the CompMgt
console->users->add -> select the domain. When prompted, I enter the
LEGACY\Administrator name and password. When I attempt to list
accounts, or explicitly add a name, from the LEGACY domain, I get
the message:
	The following error occurred while using the user name and password you
	entered. The remote procedure call failed and did not execute.

Any thoughts?

Thanks for your help.
