[Samba] Samba 3.x and PCNetLink domain trusts

Damian Lock (SSCI) Damian.Lock at ssci.com
Tue May 1 17:36:19 GMT 2007 

I have set up NT4 Server (with Service Pack 6a.)  the domain is called
"ENT4."    I added the MS KB828741 patch  (RPC buffer overflow) from
Microsoft-  which was the patch in the past caused problems with PC
Netlink and Samba (until both of those were patched.) 

I was able to successfully able to establish two-way trusts between the
NT4 domain and the PC Netlink domain.

As part of trying to get trusts between PCNL and Samba, I had added the
following to smb.conf

	client schannel = no
	server schannel = no
	enable asu support = yes

It didn't seem to help, so I took them out.

On the samba server, I created an ent4 interdomain account. 

	# useradd ent4$
	# smbpasswd -a -i ent4


On the NT4 PDC I was able to add SAMBA domain as a trusting and trusted
domain.  On the samba, server, to finish setting up the trusts I typed

	net rpc trustdom establish ent4

(this should is to have the ENT4 domain to trust the SAMBA domain.)  

But I get the following:

	# net rpc trustdom establish ent4
	Password:
	Could not connect to server NT4PDC
	Trust to domain ENT4 established
	
Which is basically what I got when trying to establish trusts between
Samba and the PCNL domain.  I suspect it is an RPC issue.

Thanks


 


-------- Forwarded Message --------
> From: Volker Lendecke <Volker.Lendecke at SerNet.DE>
> Reply-To: Volker.Lendecke at SerNet.DE
> To: Damian Lock (SSCI) <Damian.Lock at ssci.com>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba 3.x and PCNetLink domain trusts
> Date: Fri, 27 Apr 2007 07:44:54 +0200
> 
> On Thu, Apr 26, 2007 at 03:00:08PM -0400, Damian Lock (SSCI) wrote:
> > I am trying to establish a domain trust between a Samba 3.024 domain and
> > a PC Netlink 2.0 domain.
> 
> These types of problems are a bit difficult to diagnose,
> none of the Samba developers I know has direct access to a
> PC Netlink installation. It should be possible to get these
> bugs fixed, but I would say that this is not really a high
> priority task for us. You might have more success migrating
> that domain to NT4, I've seen successful migrations away
> from PC Netlink via the NT4 path.
> 
> Volker

More information about the samba mailing list