[Samba] Samba DC to Samba NT4 Domain Trust

Rowland Penny rpenny at samba.org
Thu Oct 31 18:55:50 UTC 2019


On 31/10/2019 18:29, Vex Mage via samba wrote:
> Hello! I'm trying to create a two-way trust between a Samba DC and a Samba
> NT4 domain; both are 4.10.9. The issue I'm seeing is that while I can
> establish a one-way trust from the NT4 PDC to the DC using the following
> commands:
>
> net rpc trustdom add sambaad thepassword
> net rpc trustdom establish sambaad
> I enter the password for PDC$ and the trust is established.

Have you tried 'net rpc trust create'?

See 'net help rpc trust create' for the syntax.

Or, on the Samba DC, 'samba-tool domain trust create'?

See 'samba-tool domain trust create --help' for syntax.

>
> When I go into Domains and Trusts and create a trust, it fails to verify. I
> then attempt to log in to an account on the NT4 domain named PDC and get the
> following message.
>
> [2019/10/30 16:35:41.408512,  0]
> ../source3/rpc_server/netlogon/srv_netlog_nt.c:989(_netr_ServerAuthenticate3)
>    _netr_ServerAuthenticate3: failed to get machine password for account
> sambaad.engineering.college.edu.: NT_STATUS_NONE_MAPPED
>
> Believing I shouldn't have used the short name, I tried the net commands to
> add the full name, as used in the logs, sambaad.engineering.college.edu,
> which results in the following error message.
>
> Couldn't find domain controller for domain SAMBAAD.ENGINEERING.COLLEGE.EDU.
>
> I feel like I need the Samba DC to use the short name and not the realm as
> the trust user and it might resolve. The ultimate goal is to allow the NT4
> domain users to be able to authenticate on the Active Directory domain
> resources.
>
> We cannot upgrade the NT4 domain at this time or we would perform a classic
> upgrade; there are too many legacy components that have no upgrade path.
> Any guidance would be greatly appreciated!

I urge you to, at least, start planning the upgrade away from the
NT4-style domain; they are highly likely to go away.

Just what are you running on the PDC that you cannot run on a DC?

Rowland




