[Samba] Windows not being able to see all samba groups
Hi there, I´m working on a samba server 3.0.24 based on openldap 2.3.30, instaled onde Debian Etch 64 fully updated. This installation have been working fine about 2 years and lately I´m trying to find some groups on my Windows file server and it doesn´t find them. Some groups show up others don´t. Since I can list all my groups using smbldap-groupshow or with getent group I believe it´s not exactly an ldap issue. When looking for some debug information on ldap logs I don´t see any errors. The groups are retrieved fine from ldap. Samba doesn´t show any errors too. Any idea about what could be happening? Thank´s in advance. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaPwdMustChange
Patrick, This number is a timestamp. To figure out what day it means paste it in this url http://www.4webhelp.net/us/timestamp.php?action=stampstamp=timezone=0 To set an account to never expire it´s password you have to set sambaacctflags to [UX] Regards, Gustavo - Original Message - From: Patrick DUBAU [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Monday, January 17, 2005 1:14 PM Subject: [Samba] sambaPwdMustChange Hi, i have samba 3.0.10 installed with LDAP. I noticed few days ago that my adminsitrator account has expired. I think it's because of the sambaPwdMustChange field of LDAP. I changed the passwd now i have the value 1108741705 in it. What does it mean (when will i be prompted again to change my passwd) and do i have to put in this field so that the password will never expire ? Thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL file
Adam, Thank´s for your help. But just one unanswered and undocumented question. pdbedit -P maximum password age -C x In which unit should this x be used? Days? timestamp? hours? minutes? Thank´s once again, Gustavo - Original Message - From: Adam Tauno Williams [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, January 14, 2005 1:43 PM Subject: Re: [Samba] NTConfig.POL file Does anybody that have it working can give me a sample of what looks like a NTConfig.POL file that changes users passwords every 45 days. Password changing is handled by server policy, you set it using pdbedit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTConfig.POL file - answer
Thank´s again. Is in seconds. - Original Message - From: Gustavo Lima [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, January 14, 2005 4:28 PM Subject: Re: [Samba] NTConfig.POL file Adam, Thank´s for your help. But just one unanswered and undocumented question. pdbedit -P maximum password age -C x In which unit should this x be used? Days? timestamp? hours? minutes? Thank´s once again, Gustavo - Original Message - From: Adam Tauno Williams [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, January 14, 2005 1:43 PM Subject: Re: [Samba] NTConfig.POL file Does anybody that have it working can give me a sample of what looks like a NTConfig.POL file that changes users passwords every 45 days. Password changing is handled by server policy, you set it using pdbedit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTConfig.POL file
Hi Everybody, Does anybody that have it working can give me a sample of what looks like a NTConfig.POL file that changes users passwords every 45 days. I´m using samba 3.0.10 with ldap backend. Any help will be appreciated. Thank´s Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User not Administrator to add machine to domain
Hi Everybody, Does anybody have a clue how do I create a user that does not have admin privileges but is able to include XP/2k machines in the domain using samba + ldap? Thank´s everybody. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind + trust relationship on wan
Hi All, I´m trying to make stable a bidirectional trust relationship on the wan. I tried many things and before I change the branch samba to a BDC of main office PDC I guess anything else can help me. Does winbind can help to keep the trust relationship stable over a wan connection? Or the better way to use it is with a single domain and lots of BDCs? Thank´s everybody, Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] My Network Places
Hi All, Does somebody knows how to make a SAMBA + LDAP PDC or BDC to show only the lan machines on the browse list? I have a great number of machines in my network and wan´t the main office the just see in My Network Places the machines located there. The same on the branch offices. Thank´s in advance. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC in many branch offices + one LDAP database -how to change passwords?
As far as I know there´s a command used in smb.conf that makes a samba BDC redirect changes to the master LDAP. I never used it before but should work. ldap replication sleep (G) When Samba is asked to write to a read-only LDAP replica, we are redirected to talk to the read-write master server. This server then replicates our changes back to the 'local' server, however the replication might take some seconds, especially over slow links. Certain client activities, particularly domain joins, can become confused by the 'success' that does not immediately change the LDAP back-end's data. This option simply causes Samba to wait a short time, to allow the LDAP server to catch up. If you have a particularly high-latency network, you may wish to time the LDAP replication with a network sniffer, and increase this value accordingly. Be aware that no checking is performed that the data has actually replicated. The value is specified in milliseconds, the maximum value is 5000 (5 seconds). Default: ldap replication sleep = 1000 - Original Message - From: Adam Tauno Williams [EMAIL PROTECTED] To: Tomasz Chmielewski [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 1:50 PM Subject: Re: [Samba] Samba PDC in many branch offices + one LDAP database -how to change passwords? As it is relatively easy to have one LDAP database across all office branches, I don't know how to make Samba 3 to read/retrieve usernames/passwords from local OpenLDAP slave, but to write added machines/changed passwords to the master OpenLDAP server (which would then replicate the changes to all its slaves). If you have the smbldap-tools configured properly with the right master and slave set, then adding machines is not a problem. Changing passwords is also not a problem provided you have LDAP referrals set up properly. Setting up referrals is really more of a question for the openldap folks, and probably covered in the setup guide at openldap. Heh, ask at OpenLDAp group, they point you to Samba group; ask at Samba group, they point you back to OpenLDAP :) Just to clarify, mostly for the archives: Setting up referrals is NIETHER a Samba OR OpenLDAP question. It is an LDAP issue, referrals are a standard LDAP thing, supported by every decent DSA. The OpenLDAP lists are for questions SPECIFICALLY for OpenLDAP related issues, referrals would not be such an issue. *ANY* decent LDAP text will cover referrals, and questions about referrals would be appropriate to the [EMAIL PROTECTED] list (generic LDAP discussion) - but again, they are a well documented standard type of thing. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on WAN
Hi Everybody, Im trying to get rid of my NT4 servers here but Im having strange problems with samba on WAN. Im using in my main office samba 3.0.7 on Debian sarge with ldap backend called main-dom. On the other office Im using the same system and both are linked with a 256k Frame-relay connection. The domain is called other-dom. In the mais office I have a firewall where is connected my LAN in one iface, internet connection in the second iface and on third is connected the router that establishes the frame-relay connection. The security guys said me theres no rule blocking 137, 139 or 445 traffic. Is there any other port used by samba or WINS? Both are set to trust each other. In NT4 structure I have in the main office a SQL Server and users of both main and other office are listed on it to keep a certain application authentication. I made the same arrangement with samba using a SQL Server that logs on my samba PDC here in the main facility and let users in the main and other office to use the sql application. The problem is the remote users can be listed, but when I get of the group I created to the remote users and get back to it the user that once was other-dom\user changes to its SID like S-1-5-21-619649889-1864520048-1540833222-1056 I made thousands of changes in WINS. Used MS Wins replicating with static entrys. One Samba Wins and everybody using it. In all tries still the same problem. I sincerely dont what to do anymore. Can anyone give me 2 or 10 tips so I can start trying different setups because I really dont know what to do. My best regards, Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba on WAN
Doug, I forgot to mention the other ports. They are already free to go. Thanks anyway, Gustavo - Original Message - From: Doug VanLeuven [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, October 27, 2004 4:54 PM Subject: Re: [Samba] Samba on WAN Gustavo Lima wrote: On the other office Im using the same system and both are linked with a 256k Frame-relay connection. The domain is called other-dom. In the mais office I have a firewall where is connected my LAN in one iface, internet connection in the second iface and on third is connected the router that establishes the frame-relay connection. The security guys said me theres no rule blocking 137, 139 or 445 traffic. Is there any other port used by samba or WINS? Depending on authentication methods 389 ldap 636 ldaps 88kerberos 749 kerberos admin Mostly just 389 perhaps 88. Hope it helps. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust not working - long
Hi All, I have a network with 23 PDCs. One in my main building and other 22 all over the country connected over 256k Frame-relay links. Well, these 22 PDCs are trusting and are trusted by my main PDC and vice-versa. I was using Windows WINS over NT4 doing replication in each places, but trying to solve my problem I´m using now a unique box dedicated to run WINS on SAMBA. All teh problems begin when I try to map or connect to a trusted machine on a remote node. I have three kind of situations. 1. The trust works fine. 2. The remote machine ask me for password to log in like there is no trust. 3. The remote machine sends back an error saying there´s no trust between the my personal machine and the remote host. Doing the same thing at the remote node trying to map or connect to a Windows or Samba server here in the main facility gives us the same three problems. Other curious thing is that sometimes you can map some servers and not others. These servers I´m trying to map are Windows and Samba and the problem occurs on both. The confs are all the same and the network conditions too. The old NT4 PDCs still are connected to the network as BDCs as we can´t took them of the network. As possible we are demoting them to member servers but this could be done in only one remote node. Even the main facility has it´s old PDC running as BDC. One more important information is when I create my trust I always get: Could not connect to server SERVERB Trust to domain DOMAINB established On saturday all the trusts seem to work fine but on monday it became a caos. There goes a sample conf of my servers: I would appreciate any help so it can save my skin. Regards, Gustavo # Global parameters [global] workgroup = COMPANY netbios name = mainserver admin users= @Domain Admins server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 6 obey pam restrictions = No ldap passwd sync = Yes log level = 1 syslog = 100 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins lmhosts host idmap backend = ldap:ldap://127.0.0.1 remote announce = 10.11.255.255 10.21.255.255 10.31.255.255 10.41.255.255 10.51.255.255 10.61.255.255 10.71.255.255 10.81.255.255 10.91.255.255 10.101.255.255 10.111.255.255 10.121.255.255 10.131.255.255 10.141.255.255 10.151.255.255 10.161.255.255 10.171.255.255 10.181.255.255 10.191.255.255 10.201.255.255 10.211.255.255 10.221.255.255 10.231.255.255 remote browse sync = 10.11.255.255 10.21.255.255 10.31.255.255 10.41.255.255 10.51.255.255 10.61.255.255 10.71.255.255 10.81.255.255 10.91.255.255 10.101.255.255 10.111.255.255 10.121.255.255 10.131.255.255 10.141.255.255 10.151.255.255 10.161.255.255 10.171.255.255 10.181.255.255 10.191.255.255 10.201.255.255 10.211.255.255 10.221.255.255 10.231.255.255 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins server = 10.1.0.61 passdb backend = smbpasswd ldapsam:ldap://127.0.0.1/ # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=admin,dc=company,dc=com,dc=br ldap suffix = dc=matriz,dc=company,dc=com,dc=br ldap group suffix = ou=grupos ldap user suffix = ou=usuarios ldap machine suffix = ou=maquinas ldap idmap suffix = ou=Idmap ldap ssl = no add user script = /usr/local/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel %u add machine script = /usr/local/sbin/smbldap-useradd -w %u add group script = /usr/local/sbin/smbldap-groupadd -p %g #delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u # printers configuration printer admin = @Print Operators load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case
[Samba] Error in documentatio in interdomain trust relationships
Dear development team of samba, Reading over and over again samba docs, trying to solve a unstable trust relationship problem, I found http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2546222 Adding the machine account with smbldap-useradd.pl -w domain_name just creates it but no samba attributes are added. You need to add the samba attributes with the command smbldap-usermod -a domain_machine$ to solve it. Here in my servers just worked this way. If Im wrong please correct me. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SQL Server cant validate users over Samba Trust
Hi All, I have a huge problem and hope somebody can help me. The SQL Server is mapping all the user accounts of the databases on Samba users list. The users who are in my local domain keep working fine and authenticating over SQL. The users who were mapped over trust relationship are shown in a first moment and then they just show the SID of the user but not the name. Because of this situation they cant logon on the apps that uses de db on SQL. The same is happenning over some mapped users on some shares I have. Is there any parameter on samba where I can grant these shares and everything else over these trusts? Thanks any help. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SQL Server cant validate users over Samba Trust
Hi All, I have a huge problem and hope somebody can help me. The SQL Server is mapping all the user accounts of the databases on Samba users list. The users who are in my local domain keep working fine and authenticating over SQL. The users who were mapped over trust relationship are shown in a first moment and then they just show the SID of the user but not the name. Because of this situation they cant logon on the apps that uses de db on SQL. The same is happenning over some mapped users on some shares I have. Is there any parameter on samba where I can grant these shares and everything else over these trusts? Thanks any help. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SQL Server can´t validate users over Samba Trust
Hi All, I have a huge problem and hope somebody can help me. The SQL Server is mapping all the user accounts of the databases on Samba users list. The users who are in my local domain keep working fine and authenticating over SQL. The users who were mapped over trust relationship are shown in a first moment and then they just show the SID of the user but not the name. Because of this situation they can´t logon on the apps that uses de db on SQL. The same is happenning over some mapped users on some shares I have. Is there any parameter on samba where I can grant these shares and everything else over these trusts? Thank´s any help. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Ex-PDC always loosing sync with new samba PDC
Thanks for your answer Andrew, Unfortunelly I cant take these NT out from the network now. I will have to find a way to handle them. Another question. Im having problems with Win 2k Server with SQL 2k. The 2k cant see the users names from the 22 trusts I have, but only the SIDs. In other way the local account s works fine. Is there any solution to this problem? Thanks, Gustavo - Original Message - From: Andrew Bartlett [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 14, 2004 7:13 AM Subject: Re: [Samba] Ex-PDC always loosing sync with new samba PDC -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ex-PDC always loosing sync with new samba PDC
Hi All, I´ve migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the 22 city´s I made this, the old PDC just let me connect on it if I go on srvmgr and ask it to syncronize wiht the PDC. After that I can open its shares normally. After a while the Win BDC starts again asking for username and password. Note that I´m using the same SID of the NT server on the Samba server. Anyone no how to solve this issue? Thank´s Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between two samba
Are you using the same WINS server on both Samba configurations? Regards, Gustavo - Original Message - From: Doug Curtis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 12:43 PM Subject: Re: [Samba] Trust between two samba opk Bronislav wrote: I have a problem with Samba: I want to make trust between two Samba domains. I have setup the trust on the DOMAINB server then on the Samba DOMAINA server net rpc trustdom establish DOMAINB I then get the following: Password: [entered password] Could not connect to server SERVERB[this is the PDC for the DOMAINB domain] Trust to domain DOMAINB established When I then try to logon to the DOMAINB domain from XP computers in DOMAINA domain, I always get a fail with bad password. Please can someone help me. Sopik Brona I wish I could offer something to try but I am obviously doing something wrong too because I have the same exact problem. I've checked faqs and mailings lists and even had other people email directly to see if I ever fixed it. So, just in case no one else replies, I just wanted to let you know you're not the only one with this problem. Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] After net rpc vampire of 2000 users admin of user db has problems
Greetings, I was able to admin users and machines database via usrmgr.exe in a samba3.0.7 + ldap server. I was able to set trusting domains too. After I vampired my ex-PDC NT server usrmgr.exe stop working and trusting stop to be showed. usrmgr.exe gives the error: The tag is invalid. Do you want to select another domain to administer? And net rpc trustdom list -UAdministrator%passwd gives me: Trusted domains list: OTHER-DOM S-1-5-21-136393487-307246644-928725530 Trusting domains list: [2004/09/30 16:44:16, 0] utils/net_rpc.c:rpc_trustdom_list(3430) Couldn't enumerate accounts. Error was: NT_STATUS_ACCESS_DENIED Is this a known error between samba and ldap? Other tools that I use to administer the users database also can´t show all imported users. Just about 500. Is this correct? Any answers will be grate. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] After net rpc vampire of 2000 users admin of user dbhas problems - solution
The solution was to add a parameter to ldap server. sizelimit 4000 Everything works fine now. Thanks. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINS Replication
John, Let´s start with another issue. My other domains have quite unstable connections. So it´s hard to work just using the main WINS server in all offices. I need to maintain on each office some kind of secondary WINS to respond just for the local network if the primary fails. Can I use simultaneously the wins support = yes and wins server = 10.0.0.2 (for example) entrys in a samba configuration and point a secondary WINS server in the clients? Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship between two samba with ldap backend
Hi All, I´m working hard on understing how to make trust relationship work between to samba servers with ldap backend. In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap 2.1.30. I joined each other domain with both machines. In the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set it´s password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain account doesn´t have the $ simbol in front of it. Next I´ve tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the passsword. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password. And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2 typed the password 654 and got the following error: [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_OK Did the same on DOM2 and got the same error. Does anybody have a clue of what I´m doing wrong? Thank´s you all. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
John, Thank´s for answering, but still the same problem. I think is better for us to go step by step. Well, I joined the remote domain and the local domain with the net rpc join command. Then after I tried to create the machine account with the command net rpc trustdom add DOM2 654. Then I´m asked for another password: dom1:~# net rpc trustdom add DOM2 654 Password: What password is this one asked after the command. Anything I put there don´t give me an error but doesn´t give me a sucessfull output later on net rpc trustdom list. Still giving me none in trusting and trusted domains list. So I think before trying to reach the end, I should have to make a trusting domains add sucessfull. Can you tell me where is good docs about it or give me a step by step configuration? Thank´s once again. Gustavo - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 12:53 PM Subject: Re: [Samba] Trust relationship between two samba with ldap backend On Tuesday 21 September 2004 08:33, Gustavo Lima wrote: Hi All, I´m working hard on understing how to make trust relationship work between to samba servers with ldap backend. In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap 2.1.30. I joined each other domain with both machines. In the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set it´s password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain account doesn´t have the $ simbol in front of it. Next I´ve tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the passsword. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password. And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2 typed the password 654 and got the following error: [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_OK Did the same on DOM2 and got the same error. Does anybody have a clue of what I´m doing wrong? First, before setting up the trust relationship, you need to join each Samba server to its own domain. net rpc join Then the setting up of the trust should work. - John T. Thank´s you all. Gustavo -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
John, I cleanned all the entries from my ldap. Created the OUs again. Joined the local and the remote domain. dom1:/etc# net rpc join -S dom1 -U Administrator%passwd dom1:/etc# net rpc join -S dom2 -U Administrator%passwd Created the machine user: dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2 New password : 123456 Retype new password : 123456 dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456 Password: 123456 Then I listed the trusts: teste1:/etc/smbldap-tools# net rpc trustdom list Password: (here, everything I type works) Trusted domains list: none Trusting domains list: none Other tip? Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend - working now
John, Just berfore I explain how it worked a last question. In NT networks we need to replicate WINS between PDCs. Is this needed in samba? How does it work? Or I have to use the same WINS server to all PDC over WAN? Not clear for me. I did this way. Joined the local domain. Created a machine account with smbldap-useradd -w dom2 on domain 1 machine. Then changed it´s password and at last changed the sambaAcctFlags in ldap db to [I]. At this time the trusting was showed on list command. Then I did the same on the domain 2 machine. Ending the story I established the trust on dom1 with the command net rpc trustdom establish dom2 and put the dom2 machine account password. At last I repeated the process on machine dom2. Logged on WinXP and everything was working fine. Thank´s by the tips. Were very usefull. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba