[Samba] Samba DC to Samba NT4 Domain Trust
rpenny at samba.org
Thu Oct 31 18:55:50 UTC 2019
On 31/10/2019 18:29, Vex Mage via samba wrote:
> Hello! I'm trying to create a two way trust between a Samba DC and a Samba
> NT4 domain both are 4.10.9. The issue I'm seeing is that while I can
> establish a one way trust from the NT4 PDC to the DC using the following
> net rpc trustdom add sambaad thepassword
> net rpc trustdom establish sambaad
> I enter the password for PDC$ and the trust is established.
Have you tried 'net rpc trust create' ?
See 'net help rpc trust create' for the syntax.
Or on the Samba DC 'samba-tool domain trust create' ?
see 'samba-tool domain trust create --help' for syntax.
> When I go into Domains and Trusts and create a trust it fails to verify. I
> then attempt to login to an account on NT4 domain named PDC and get the
> following message.
> [2019/10/30 16:35:41.408512, 0]
> _netr_ServerAuthenticate3: failed to get machine password for account
> sambaad.engineering.college.edu.: NT_STATUS_NONE_MAPPED
> Believing I shouldn't have used the short name I tried the net commands to
> add the full name, as used in the logs, sambaad.engineering.college.edu
> which results in the following error message.
> Couldn't find domain controller for domain SAMBAAD.ENGINEERING.COLLEGE.EDU.
> I feel like I need the Samba DC to use the short name and not the realm as
> the trust user and it might resolve. The ultimate goal is to allow the NT4
> domain users to be able to authenticate on the Active Directory domain
> We cannot upgrade the NT4 domain at this time or we would perform a classic
> upgrade, there are too many legacy components that have no upgrade path.
> Any guidance would be greatly appreciated!
I urge you to, at least, start planning the upgrade away from the
NT4-style domain, they are highly likely to go away.
Just what are you running on the PDC, that you cannot run on a DC ?
More information about the samba