I'm a longtime Samba user and admin (since 1.7) and I thought I had seen just 
about everything until Active Directory 2003 (native mode) completely took out 
our Samba user authentication (each server auth=domain to an AD 2000 domain).  
We have Samba running on a variety of servers (AIX, HP, Linux) and need to be 
able to provide our users with the ability to access their appropriate shares 
without having to maintain passwords on every server.  Because of concerns 
about turning all user authentication on all of the servers over to Active 
Directory, the best solution seemed to be to create a Samba domain.  This way 
all of the Samba servers could look to the Samba PDC for user authentication 
which would then look to the AD 2003 realm via a trust relationship (Samba 
trusting, AD trusted). 

The Samba PDC is a SUSE SLES 10 server running Samba version 3.0.22.  It has 
been configured as a trusting domain in our AD 2003 lab realm.  When I try to 
establish the trust using "net rpc trustdom establish", everything seems to be 
going well and then the establish fails with the following message: 

        [2007/01/05 14:25:20, 0] utils/net_rpc.c:rpc_trustdom_establish(5064)
          Couldn't verify trusting domain account. Error was NT_STATUS_OK
        [2007/01/05 14:25:20, 2] utils/net.c:main(879)
          return code = -1

All that shows up in the Windows logs are a successful login and logout by my 
PDC.

I've been digging in the Samba documentation and mailing list for several weeks as 
well as searching the web for any information remotely related to what I am 
doing including and especially chapter 19 of the Official How-To.  All of the 
information I have run across deals primarily with establishing a trust to an 
AD 2000 domain in mixed mode or to joining an AD 2003 domain.  Is it possible 
to establish this type of relationship between AD 2003 in native mode and Samba 
at the current time? 

Any suggestions on possible issues to beware of or suggestions as to what might 
be causing the error would be greatly appreciated.  A how-to for an AD 2003 
native environment would be fantastic.

Thanks
Mike Roberts
System Engineer 2, Enterprise Systems 
