[Samba] Setup of a new PDC with Samba 3.2.0

devel at thom.fr.eu.org devel at thom.fr.eu.org
Sat Jul 12 08:30:13 GMT 2008


I just missed this part from the documentation (by the way, could anybody
spot me to the place where this is specified. I could see in Samba Howto
chapter 13, but this is not obvious).
So I did successfully join the domain, and now I get the following error
on wbinfo -t :
MYSERVER:~# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret

This looks like a resolver issue. I have
	wins server =
	wins proxy = Yes
	name resolve order = lmhosts wins host bcast
in smb.conf, and my lmhost file says  MYDOMAIN  MYSERVER
and anyway the nmblookup succeeds:
tls-srv-01:~# nmblookup -R -U MYDOMAIN#1b
querying MYDOMAIN on MYDOMAIN<1b>
tls-srv-01:~# nmblookup -R -U MYDOMAIN#1c
querying MYDOMAIN on MYDOMAIN<1c>

> On Fri, Jul 11, 2008 at 04:50:55PM +0200, devel at thom.fr.eu.org wrote:
>> Hello,
>> I setting up a new PDC for a new domain using samba 3.2.0
>> I use LDAP as passwd/idmap backend.
>> I started from scratch just creating the OU for the
>> users/groups/machines/idmaps in the ldap directory, + a user used to
>> bind
>> to ldap.
>> So from there I started winbind and ran net sam provision, which worked
>> great.
>> Now I plan this domain will have a one way trust with one other domain,
>> and as I start playing with wbinfo to verify the local/builtin groups
>> appear, I found that wbinfo -t fails to check secret with :
>> myserver:/usr/local/samba/bin# wbinfo -t
>> checking the trust secret via RPC calls failed
>> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>> Could not check secret
>> So, I'm wondering, do I need to create some kind of machine trust
>> account
>> for the PDC itself, or this reply from wbinfo -t is expected ?
> Yes, you need to "join" the machine to itself (the PDC) using net join
> before winbindd will work in this way on the PDC. Sorry, rather
> counterintuative I know but the way it works at present.
> Jeremy.


More information about the samba mailing list