On Thu, 2007-04-12 at 15:45 -0500, Cody Jarrett wrote:
> I'm having an issue establishing a trust between a samba/ldap PDC and a
> windows 2003 Active directory server on a seperate domain. Here is what I've
> done. I've created a 2 way trust in windows with the samba domain. When I try
> to verify the outgoing trust from windows I get an access denied message. In
> samba logs I get " get_md4pw: Workstation CATS$: no account in domain"
> although I've created a trust account on the samba server
> using 'smbldap-useradd -w CATS' then I do the ldapmodify stuff accourding to
> the samba interdomain trust howto and set the sambaAcctFlags to "I".
The way I've always done it for the windows trusts samba case is to
smbpasswd -i -a, and set a password. Then you put that password into
the windows server.
I've not done the setup for the other direction, but I understand there
may be some bugs.
> When I
> try to do "net rpc trustdom establish CATS" I type the password and
> get "[2007/04/12 15:43:07, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451)
> cli_nt_session_open: cli_nt_create failed on pipe \wkssvc to machine CODY1.
>
> Error was NT_STATUS_ACCESS_DENIED
> [2007/04/12 15:43:07, 0] utils/net_rpc.c:rpc_trustdom_establish(4672)
> Couldn't not initialise wkssvc pipe"
>
> If I type the wrong password, I get "NT_STATUS_LOGON_FAILURE" so I know the
> password is right. Does anyone have any ideas?
Chatting with tridge around the office, he was trying this out recently,
and thought some things were wrong. We may well, have some issues (or
at least unclear docs) for the windows-trusts-samba case.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
