[Samba] trust relationship whit samba 4.3 ldap backend and Active Directory

Mario Codeniera mario.codeniera at gmail.com
Sat Feb 9 04:35:00 MST 2013 

Hi,

My question also related to German query. I used to upgrade the existing
Samba3 which has a one way (incoming) to the Active Directory running
Windows 2008. In short, clients of Samba3 can login locally or to the AD.

But when I upgraded to Samba4 the trust was been lost. Are there any way I
can reconnect it without changing the trust relationship in AD which I
don't have the access?

These are the setup
KAZEKAGE.NET (hostname - KAKURA) - is the Active Directory with one way
trust to Samba
GAARA.SANDBOX.NET (hostname - SHUKAKU) which is a Samba3 and upgraded to
Samba4 with no problems except the trust broke.

For the logs you can see here. <http://db.tt/EiU1gtmw>

When I issue the command to  establish the relationship,
*net rpc trustdom establish KAZEKAGE -U administrator
*it generates a log pointing to the ldap server (of the SAMBA3), which If I
run it for sure will conflict with the existing Samba4 own ldap.

But when I list the trust, it broke (no listings) which suppose to be okay
with Samba3.
*net rpc trustdom list -U administrator*

Or even joining to the AD, which still got an ldap server problem.
*net rpc join -U administrator -S KARURA*

I didn't change the generated smb.conf of Samba4. Or how do I point the
ldap? or Syntax? in smb.conf as what got in samba3.

Do I need to rejoin it again, meaning to change the trust in 'Active
Directory Domains and Trusts' in AD?
I can't access the trust of samba4 - an upgrade of samba3. (As for testing
purposes but in production AD server don't have administrative account(s)
which I am afraid if it doesn't work).


Best regards and thanks,
Mario


On Sat, Feb 9, 2013 at 8:29 AM, German Waisvol <german.waisvol at gmail.com>wrote:

> Good afternoon, it is possible make a two way trust relationship between
> samba 4.3 and active directory?
>
> best regards
>
>
> Germán Waisvol
> SR. Linux Unix System administrator
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list