Re: [Samba] Samba 3.x and PCNetLink domain trusts]]]
It looks as if 2-way trusts are working between Samba and PCNL and between Samba/NT4. The one exception seems to be logging in as Samba/myname on the ENT4 PDC. I had created a ENT4/myname account. I had forgotten to add SAMBA/myname to the local users group on the ENT4 PDC before trying to the ENT4 PDC as SAMBA/myname. If I log in as SAMBA/anothername it is OK. This isn't real show stopper since I think I can drop the NT4 machine and domain altogether. (the goal is to eventually move everything to Samba.) Thanks for the assistance. > To: samba@lists.samba.org > Subject: Re: [Samba] Samba 3.x and PCNetLink domain trusts]] > Date: Wed, 2 May 2007 16:05:59 -0400 > > I found part of the prob may have been that I didn't join the samba PDC > to its own domain. > > # net join samba -U root > Joined domain SAMBA > > Now, commands like "wbinfo -t" and "wbinfo -m" indicate that the domains > are trusted. Also, I can run "net rpc samdump" to dump the NT4 domain > info (but not the PCNL domain.) > > If I try to log in to the NT4 server as a Samba user (who has been added > to the local users group) I get an error "C19B" - which is seems to > be a Samba error (not a microsoft error) suggesting a SID (and possibly > winbindd?) error. > > > > > > > > Forwarded Message > > From: Volker Lendecke <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > To: Damian Lock (SSCI) <[EMAIL PROTECTED]> > > Cc: > > Subject: Re: [Samba] Samba 3.x and PCNetLink domain trusts] > > Date: Wed, 2 May 2007 17:15:49 +0200 > > > > On Wed, May 02, 2007 at 11:08:22AM -0400, Damian Lock (SSCI) wrote: > > > Except that everything isn't fine, because I can't login to the samba > > > domain as a PCNL/NT4 user or vice versa. > > > > Then you need to debug more. Setting up the join did work. > > > > Volker > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x and PCNetLink domain trusts]]
I found part of the prob may have been that I didn't join the samba PDC to its own domain. # net join samba -U root Joined domain SAMBA Now, commands like "wbinfo -t" and "wbinfo -m" indicate that the domains are trusted. Also, I can run "net rpc samdump" to dump the NT4 domain info (but not the PCNL domain.) If I try to log in to the NT4 server as a Samba user (who has been added to the local users group) I get an error "C19B" - which is seems to be a Samba error (not a microsoft error) suggesting a SID (and possibly winbindd?) error. Forwarded Message > From: Volker Lendecke <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: Damian Lock (SSCI) <[EMAIL PROTECTED]> > Cc: > Subject: Re: [Samba] Samba 3.x and PCNetLink domain trusts] > Date: Wed, 2 May 2007 17:15:49 +0200 > > On Wed, May 02, 2007 at 11:08:22AM -0400, Damian Lock (SSCI) wrote: > > Except that everything isn't fine, because I can't login to the samba > > domain as a PCNL/NT4 user or vice versa. > > Then you need to debug more. Setting up the join did work. > > Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x and PCNetLink domain trusts]
On Wed, May 02, 2007 at 11:08:22AM -0400, Damian Lock (SSCI) wrote: > Except that everything isn't fine, because I can't login to the samba > domain as a PCNL/NT4 user or vice versa. Then you need to debug more. Setting up the join did work. Volker pgpj1IVsK76qY.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x and PCNetLink domain trusts]
Except that everything isn't fine, because I can't login to the samba domain as a PCNL/NT4 user or vice versa. Forwarded Message > From: Volker Lendecke <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: Damian Lock (SSCI) <[EMAIL PROTECTED]> > Cc: samba@lists.samba.org > Subject: Re: [Samba] Samba 3.x and PCNetLink domain trusts > Date: Wed, 2 May 2007 07:40:23 +0200 > > On Tue, May 01, 2007 at 01:36:19PM -0400, Damian Lock (SSCI) wrote: > > # net rpc trustdom establish ent4 > > Password: > > Could not connect to server NT4PDC > > Trust to domain ENT4 established > > Ok, then even with the NetLink domain it worked. This is an > unfortunate but expected error message. Everything is fine > :-) > > Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x and PCNetLink domain trusts
On Tue, May 01, 2007 at 01:36:19PM -0400, Damian Lock (SSCI) wrote: > # net rpc trustdom establish ent4 > Password: > Could not connect to server NT4PDC > Trust to domain ENT4 established Ok, then even with the NetLink domain it worked. This is an unfortunate but expected error message. Everything is fine :-) Volker pgpI3RAunFwwn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x and PCNetLink domain trusts
I have set up NT4 Server (with Service Pack 6a.) the domain is called "ENT4."I added the MS KB828741 patch (RPC buffer overflow) from Microsoft- which was the patch in the past caused problems with PC Netlink and Samba (until both of those were patched.) I was able to successfully able to establish two-way trusts between the NT4 domain and the PC Netlink domain. As part of trying to get trusts between PCNL and Samba, I had added the following to smb.conf client schannel = no server schannel = no enable asu support = yes It didn't seem to help, so I took them out. On the samba server, I created an ent4 interdomain account. # useradd ent4$ # smbpasswd -a -i ent4 On the NT4 PDC I was able to add SAMBA domain as a trusting and trusted domain. On the samba, server, to finish setting up the trusts I typed net rpc trustdom establish ent4 (this should is to have the ENT4 domain to trust the SAMBA domain.) But I get the following: # net rpc trustdom establish ent4 Password: Could not connect to server NT4PDC Trust to domain ENT4 established Which is basically what I got when trying to establish trusts between Samba and the PCNL domain. I suspect it is an RPC issue. Thanks Forwarded Message > From: Volker Lendecke <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: Damian Lock (SSCI) <[EMAIL PROTECTED]> > Cc: samba@lists.samba.org > Subject: Re: [Samba] Samba 3.x and PCNetLink domain trusts > Date: Fri, 27 Apr 2007 07:44:54 +0200 > > On Thu, Apr 26, 2007 at 03:00:08PM -0400, Damian Lock (SSCI) wrote: > > I am trying to establish a domain trust between a Samba 3.024 domain and > > a PC Netlink 2.0 domain. > > These types of problems are a bit difficult to diagnose, > none of the Samba developers I know has direct access to a > PC Netlink installation. It should be possible to get these > bugs fixed, but I would say that this is not really a high > priority task for us. You might have more success migrating > that domain to NT4, I've seen successful migrations away > from PC Netlink via the NT4 path. > > Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x and PCNetLink domain trusts
On Thu, Apr 26, 2007 at 03:00:08PM -0400, Damian Lock (SSCI) wrote: > I am trying to establish a domain trust between a Samba 3.024 domain and > a PC Netlink 2.0 domain. These types of problems are a bit difficult to diagnose, none of the Samba developers I know has direct access to a PC Netlink installation. It should be possible to get these bugs fixed, but I would say that this is not really a high priority task for us. You might have more success migrating that domain to NT4, I've seen successful migrations away from PC Netlink via the NT4 path. Volker pgpWbTRSKzzOR.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.x and PCNetLink domain trusts
I am trying to establish a domain trust between a Samba 3.024 domain and a PC Netlink 2.0 domain. Currently, we are using PC Netlink as our primary Windows file server and "NT4" domain controller. (Lets say that the domain is called LEGACY and the domain controller LX1) Windows 2003 servers are unable to join a PC Netlink domain (even with the SignOrSeal option disabled.) For this, and other reasons the eventual goal is to drop PC Netlink in favor of Samba.In the interim, I would like to make resources on Windows 2003 machines available to users without a duplicate set of accounts being required. To this end, I configured a Samba 3.024 domain "SAMBA" with a machine called SMB1. I can add Windows 2003 servers to this domain. I then tried to establish trusts. (Actually, I only need the SAMBA domain to trust the LEGACY domain.) LEGACY DOMAIN TO TRUST SAMBA DOMAIN I tried the following to have the LEGACY domain trust the SAMBA domain: On SMB1: #useradd legacy$ #smbpasswd -a -i legacy On a Windows 2000 server in the LEGACY domain, I used the NT4 User Manager for Domains tool to add the SAMBA domain as a trusted domain. Which seemed to work. I then added my SAMBA user account to the local users group of the Windows 2000 machine. However, when I try to log in as that user, I get the following message "the system cannot log you on now because the domain e2k is not available." The event log on the PC Netlink server shows "no domain controller is available for E2K for the following reason: There are currently no logon servers available to service the logon request" SAMBA DOMAIN TO TRUST LEGACY DOMAIN I have also tried to have the SAMBA domain trust the LEGACY domain. On the Windows 2000 server in the LEGACY domain, with the User Manager for Domains tool, I listed SAMBA as a trusting domain. The, on SMB1: smb1# net rpc trustdom establish legacy Could not connect to server LX1 Trust to domain LEGACY established On the Windows 2003 server in the SAMBA domain, I attempt to add users from the LEGACY domain to the local users group. I go to the CompMgt console->users->add -> select the domain. When prompted, enter the LEGACY\Administrator name and password. When I attempt to list accounts, or explicitly add a name, from from the LEGACY domain, I get the message the following error occurred while using the user name and password you entered. The remote procedure call failed and did not execute. Any thoughts? thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
