[Samba] Joining NT domain

Damian Lock (SSCI) Damian.Lock at ssci.com
Wed May 2 14:54:03 GMT 2007


So the Samba domain should trust the NT4 domain. On a Windows machine
in the NT4 domain, did you use User Manager for Domains to add the Samba
domain as a trusting domain?

It seems a little backwards to me, but the domain that wants to be
trusted creates an account for the domain that will trust it.  


I would get the following error unless I did the NT4 side 1st:


# net rpc trustdom establish nt4domain
Could not connect to server NT4PDC
The username or password was not correct.
Couldn't verify trusting domain account. Error was
NT_STATUS_LOGON_FAILURE


-------- Forwarded Message --------
> From: Sam Wun <swun2010 at gmail.com>
> To: samba at lists.samba.org
> Subject: [Samba] Joining NT domain
> Date: Wed, 2 May 2007 10:21:16 +1000
> 
> Hi,
> 
> I am running samba-3.0.25rc3 in Tru64 5.1B.
> I compiled Samba source with --with-winbind switch.
> My goal in setting up Samba is to allow existing Windows users to log in to
> this Tru64 server without being asked for a password again if they have already
> logged in to Windows, yet with additional user control by adding a line
> "valid users = ..." in each directory section; that way Samba won't
> allow every logged-on Windows user to log in, only the Windows users
> that are listed in the "valid users = ..." line.
> Therefore I thought joining Samba to the existing NT domain and also
> adding a line of "valid users=..." in smb.conf may be the solution.
> 
> However, when I tried to connect to the existing NT domain, I got an error:
> # ./net rpc join -S 172.10.40.63
> open_policy failed: NT_STATUS_ACCESS_DENIED
> Password:
> 
> Note, I didn't compile LDAP and Kerberos into Samba.
> 
> I welcome any ideas about how to achieve this goal. If joining the existing
> NT domain is a must, then I may most probably need to
> compile LDAP and Kerberos into Samba. If this is the case, do I need to
> further configure OpenLDAP and Kerberos in Tru64?
> 
> If OpenLDAP and Kerberos are not needed, what should I do to join the
> existing NT domain?
> 
> I very much appreciate every suggestion.
> 
> Thanks
> S


