[Samba] Setup of a new PDC with Samba 3.2.0

Jeremy Allison jra at samba.org
Fri Jul 11 18:39:57 GMT 2008

On Fri, Jul 11, 2008 at 04:50:55PM +0200, devel at thom.fr.eu.org wrote:
> Hello,
> I setting up a new PDC for a new domain using samba 3.2.0
> I use LDAP as passwd/idmap backend.
> I started from scratch just creating the OU for the
> users/groups/machines/idmaps in the ldap directory, + a user used to bind
> to ldap.
> So from there I started winbind and ran net sam provision, which worked
> great.
> Now I plan this domain will have a one way trust with one other domain,
> and as I start playing with wbinfo to verify the local/builtin groups
> appear, I found that wbinfo -t fails to check secret with :
> myserver:/usr/local/samba/bin# wbinfo -t
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> Could not check secret
> So, I'm wondering, do I need to create some kind of machine trust account
> for the PDC itself, or this reply from wbinfo -t is expected ?

Yes, you need to "join" the machine to itself (the PDC) using net join
before winbindd will work in this way on the PDC. Sorry, rather
counterintuative I know but the way it works at present.


More information about the samba mailing list