[Samba] Samba DC to Samba NT4 Domain Trust
Rowland penny
rpenny at samba.org
Thu Oct 31 22:30:10 UTC 2019
On 31/10/2019 21:58, Vex Mage wrote:
>
>
>
> Have you tried 'net rpc trust create' ?
>
> See 'net help rpc trust create' for the syntax.
>
>
> When I attempt this I get the following error message
>
> SAMBAPDC ~# net rpc trust create
> otherserver=sambaad.engineering.college.edu otheruser=administrator
> trustpw=********** -S localhost
> of
> SAMBAPDC ~# net rpc trust create
> otherserver=samba4.engineering.college.edu otheruser=administrator
> otherdomainsid=S-1-5-21-2519800817-276706161-1978691535
> other_netbios_domain=sambaad
> otherdomain=sambaad.engineering.college.edu
> Enter root's password:
> dcerpc_lsa_QueryInfoPolicy2_r failed with error
> [NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE].
> get_domain_info failed with error [NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE].
> connect_and_get_info failed with error
> [NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE]
>
> I can post the result of that command with -d10 if that would be helpful.
>
>
> Or on the Samba DC 'samba-tool domain trust create' ?
>
> see 'samba-tool domain trust create --help' for syntax.
>
>
> When I attempt this I get the following error message
> SAMBAAD ~# samba-tool domain trust create PDC --type external
> --direction=both --create-location=both --quarantined=no -W SAMBAPDC
> -Uroot --password=********
> LocalDomain Netbios[SAMBAAD] DNS[sambaad.engineering.college.edu]
> SID[S-1-5-21-2519800817-276706161-1978691535]
> ERROR: Failed to find a writeable DC for domain 'PDC': The remote
> system is not reachable by the transport.
I think your problem may be incorrect info.
What is the short hostname of the PDC ?
What is the short hostname of the AD DC ?
What is the workgroup name for the PDC ?
What is the workgroup name for the AD DC ?
I take it the SID is from the AD DC ?
>
>
>
>
> I urge you to, at least, start planning the upgrade away from the
> NT4-style domain, they are highly likely to go away.
>
> Just what are you running on the PDC, that you cannot run on a DC ?
>
>
> The real problem for us is that Samba Active Directory doesn't support
> any backends except internal and our backend is OpenLDAP.
>
That shouldn't be a problem. You can extend the Samba AD similar to
OpenLDAP or you could use something newer instead. Just what are you
using OpenLDAP for ?
Rowland