> -----Original message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Stephen Roylance
> Sent: Sunday, 8 July 2007 0:09
> To: samba@lists.samba.org
> Subject: [Samba] AD domain membership problem
>
> Hello, and thanks in advance for any assistance.
> I have a linux machine that I'm trying to join to a windows
> 2003 sp1 active directory. The specifics are:
> RHEL5, samba version samba-3.0.23c-2.el5.2.0.2
> a firewall between this server and the rest of the world (which includes
> the DCs), ports are open for kerberos and CIFS inbound and
> kerberos, CIFS, NTP and UDP outbound.
> this machine (server.sub.domain.org) is in a subdomain of the
> AD domain (domain.org)
>
> I am able to run net ads join -U me createcomputer="/myOU/"
> and it seems to succeed. net ads testjoin, net ads info, etc
> all seem to work correctly. When I try to connect remotely
> or use smbclient locally with -U me -W domain.org it fails
> with "session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
> and I see errors like:
> [2007/07/07 17:50:54, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2673)
>   cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC1.DOMAIN.ORG for domain DOMAIN.
> [2007/07/07 17:50:54, 0] auth/auth_domain.c:connect_to_domain_password_server(112)
>   connect_to_domain_password_server: unable to open the domain client session to machine DC1.DOMAIN.ORG. Error was : NT_STATUS_ACCESS_DENIED.
> [2007/07/07 17:50:54, 0] auth/auth_domain.c:domain_client_validate(206)
>   domain_client_validate: Domain password server not available.
>
> running net ads changetrustpw hangs and never returns.
> I've tried dropping and re-joining the machine to the domain
> many times, every now and then it fails, but usually
> succeeds, but still does not allow connections using domain
> credentials.
>
> Any suggestions appreciated
> -Steve
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba

Hello Steve

I've reported similar problems to the list but never got a hint.
I've solved a much similar issue making Samba Server a Wins Server and forcing it to solve hostnames against DNS.
Of course the server is equipped with a dns server too ;)

Here is an excerpt of my configuration file

#smb.conf
[global]
workgroup = DMSWARE
Wins support = yes
dns proxy = yes
#name resolve order = host wins bcast
name resolve order = wins lmhosts hosts bcast
local master = yes
#domain master = yes
domain master = no
preferred master = auto
enhanced browsing = yes
#encrypt password = yes # YES = Default

Be aware this doesn't solve all the issues with a firewall.
Net rpc testjoin only works if you specify -S <servername> attribute.
Looks like Samba falls on BCAST with some commands, ignoring every other name solving mechanism.

Hope this helps
Gianluca