[Samba] pdbedit will only add users to the local machine domain, not the global domain

John T. Guthrie III guthrie at counterexample.org
Tue Aug 12 17:05:20 GMT 2008


Hello all,

When I try to add a user to my secrets.tdb file on my Samba 3.2.0 PDC, the
users are always added under the local machine domain, not the global domain.
That is, if my PDC machine name is srv1, and it is PDC for the domain DOM1,
then whenever I add a user using "pdbedit -a -u username", then that user
gets placed under the local domain SRV1, not the global domain DOM1.  So my
first question is how do I get accounts to appear under the global domain,
DOM1?

Now, if I understand things correctly, the SRV1 domain and the DOM1 domain are
supposed to have the same SID.  So perhaps this doesn't matter.  But when I
try to run

net rpc testjoin

on a second machine srv2, I get

[2008/08/12 04:31:57,  0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2449)
  get_schannel_session_key: could not fetch trust account password for domain 'DOM1'
[2008/08/12 04:31:57,  0] utils/net_rpc_join.c:net_rpc_join_ok(87)
  net_rpc_join_ok: failed to get schannel session key from server srv1 for domain DOM1. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Join to domain 'DOM1' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

(I get the same result with "net rpc testjoin -S srv1" as well.)

When I look for the machine account srv1$ using "net rpc" commands, I can see
the account, but it appears under the domain SRV1, not under the domain DOM1
like the error message would seem to indicate that it should be under.

Here is my PDC config:

[global]
workgroup = DOM1
security = user
encrypt passwords = yes
passdb backend = tdbsam:/etc/samba/private/secrets.tdb
local master = yes
os level = 33
domain master = yes
preferred master = yes

Thanks in advance for any help that anyone can offer.

John Guthrie
guthrie at counterexample.org

