[Samba] Trust relationship between two samba with ldap backend
Hi All,

I'm working hard on understanding how to make a trust relationship work between two Samba servers with an LDAP backend. In my lab I have two Debian Sarge boxes running Samba 3.0.7 with OpenLDAP 2.1.30.

I joined each other domain with both machines. On the first one (DOM1) I created the machine account with the command

    smbldap-useradd -a -i DOM2

and set its password. Did the same on the second box with

    smbldap-useradd -a -i DOM3

The strange thing is that these trust domain accounts don't have the $ symbol in front of them.

Next I tried to add the trusting in DOM1 using the command

    net rpc trustdom add DOM2 123

and retyped the password. And did with DOM2

    net rpc trustdom add DOM1 654

and retyped the password.

And then I tried to establish the trust relationship in DOM1 doing

    net rpc trustdom establish DOM2

typed the password 654 and got the following error:

    [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
      Couldn't verify trusting domain account. Error was NT_STATUS_OK

Did the same on DOM2 and got the same error.

Does anybody have a clue of what I'm doing wrong?

Thank you all.
Gustavo

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
On Tuesday 21 September 2004 08:33, Gustavo Lima wrote:
> Hi All,
>
> I'm working hard on understanding how to make a trust relationship work between two Samba servers with an LDAP backend. In my lab I have two Debian Sarge boxes running Samba 3.0.7 with OpenLDAP 2.1.30.
>
> I joined each other domain with both machines. On the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set its password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain accounts don't have the $ symbol in front of them.
>
> Next I tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the password. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password.
>
> And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2, typed the password 654 and got the following error:
>
>     [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
>       Couldn't verify trusting domain account. Error was NT_STATUS_OK
>
> Did the same on DOM2 and got the same error.
>
> Does anybody have a clue of what I'm doing wrong?

First, before setting up the trust relationship, you need to join each Samba server to its own domain.

    net rpc join

Then the setting up of the trust should work.

- John T.

> Thank you all.
> Gustavo

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
Re: [Samba] Trust relationship between two samba with ldap backend
John,

Thanks for answering, but still the same problem. I think it is better for us to go step by step.

Well, I joined the remote domain and the local domain with the net rpc join command. Then I tried to create the machine account with the command net rpc trustdom add DOM2 654. Then I'm asked for another password:

    dom1:~# net rpc trustdom add DOM2 654
    Password:

What password is this one, asked for after the command? Anything I put there doesn't give me an error, but it doesn't give me a successful output later on in net rpc trustdom list. It still gives me none in the trusting and trusted domains lists.

So I think before trying to reach the end, I should have a successful trusting domain add. Can you tell me where there are good docs about it, or give me a step-by-step configuration?

Thanks once again.
Gustavo
Re: [Samba] Trust relationship between two samba with ldap backend
On Tuesday 21 September 2004 11:29, Gustavo Lima wrote:
> John,
>
> Thanks for answering, but still the same problem. I think it is better for us to go step by step.
>
> Well, I joined the remote domain and the local domain with the net rpc join command. Then I tried to create the machine account with the command net rpc trustdom add DOM2 654. Then I'm asked for another password:
>
>     dom1:~# net rpc trustdom add DOM2 654
>     Password:

Before you do this, use the smbldap-useradd tool to create the trust account. Then set a password on it. That is the one you need to use.

- John T.

> What password is this one, asked for after the command? Anything I put there doesn't give me an error, but it doesn't give me a successful output later on in net rpc trustdom list. It still gives me none in the trusting and trusted domains lists.
>
> So I think before trying to reach the end, I should have a successful trusting domain add. Can you tell me where there are good docs about it, or give me a step-by-step configuration?
>
> Thanks once again.
> Gustavo
Re: [Samba] Trust relationship between two samba with ldap backend
John,

I cleaned all the entries from my LDAP. Created the OUs again. Joined the local and the remote domain.

    dom1:/etc# net rpc join -S dom1 -U Administrator%passwd
    dom1:/etc# net rpc join -S dom2 -U Administrator%passwd

Created the machine user:

    dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2
    New password : 123456
    Retype new password : 123456
    dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456
    Password: 123456

Then I listed the trusts:

    teste1:/etc/smbldap-tools# net rpc trustdom list
    Password: (here, everything I type works)
    Trusted domains list: none
    Trusting domains list: none

Any other tip?

Gustavo
Re: [Samba] Trust relationship between two samba with ldap backend
On Tuesday 21 September 2004 13:09, Gustavo Lima wrote:
> John,
>
> I cleaned all the entries from my LDAP. Created the OUs again. Joined the local and the remote domain.
>
>     dom1:/etc# net rpc join -S dom1 -U Administrator%passwd
>     dom1:/etc# net rpc join -S dom2 -U Administrator%passwd

No. Each machine needs to join its own domain.

- John T.

> Created the machine user:
>
>     dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2
>     New password : 123456
>     Retype new password : 123456
>     dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456
>     Password: 123456
>
> Then I listed the trusts:
>
>     teste1:/etc/smbldap-tools# net rpc trustdom list
>     Password: (here, everything I type works)
>     Trusted domains list: none
>     Trusting domains list: none
>
> Any other tip?
>
> Gustavo
Re: [Samba] Trust relationship between two samba with ldap backend - working now
John,

Just before I explain how it worked, a last question. In NT networks we need to replicate WINS between PDCs. Is this needed in Samba? How does it work? Or do I have to use the same WINS server for all PDCs over the WAN? It is not clear to me.

I did it this way. Joined the local domain. Created a machine account with smbldap-useradd -w dom2 on the domain 1 machine. Then changed its password and at last changed the sambaAcctFlags in the LDAP db to [I]. At this point the trusting was shown by the list command. Then I did the same on the domain 2 machine.

To end the story, I established the trust on dom1 with the command net rpc trustdom establish dom2 and put in the dom2 machine account password. At last I repeated the process on machine dom2. Logged on with WinXP and everything was working fine.

Thanks for the tips. They were very useful.

Gustavo
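The account state that made the trust show up in the post above (a machine account for the other domain whose sambaAcctFlags is [I]) can be checked from an LDIF dump of the directory. This is an added example, not part of the original thread and not Samba or smbldap-tools code; the `$`-suffixed uid convention, the password-hash check, the sample DNs and the function names are assumptions of this example.

```python
import base64

# Constructed sample (ldapsearch -LLL style); DNs and the hash are made up.
SAMPLE_LDIF = """\
dn: uid=dom2$,ou=Computers,dc=dom1,dc=example
objectClass: sambaSamAccount
uid: dom2$
sambaAcctFlags: [W          ]
sambaNTPassword: 00000000000000000000000000000000

dn: uid=dom3,ou=Computers,dc=dom1,dc=example
objectClass: sambaSamAccount
uid: dom3
sambaAcctFlags: [I          ]
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per LDIF entry (handles folding, base64)."""
    unfolded = text.replace("\n ", "")          # RFC 2849 line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: base64-value"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            yield entry

def check_trust_account(entries, domain):
    """Return the reasons the account for `domain` is not a usable trust account."""
    for e in entries:
        uid = e.get("uid", [""])[0]
        if uid.lower().rstrip("$") != domain.lower():
            continue
        problems = []
        if not uid.endswith("$"):               # assumed convention: DOMAIN$
            problems.append("uid lacks trailing $")
        flags = e.get("sambaacctflags", ["[]"])[0].strip("[] ")
        if "I" not in flags:                    # I = interdomain trust account
            problems.append(f"sambaAcctFlags is [{flags}], no I flag")
        if "sambantpassword" not in e:
            problems.append("no sambaNTPassword set")
        return problems
    return ["no account entry found"]
```

An empty list from `check_trust_account(list(parse_ldif(ldif_text)), "DOM2")` means the entry matches the state described in the post; an account created with `-w` and not yet edited is reported as carrying `[W]`.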
Re: [Samba] Trust relationship between two samba with ldap backend - working now
On Tuesday 21 September 2004 14:13, Gustavo Lima wrote:
> John,
>
> Just before I explain how it worked, a last question. In NT networks we need to replicate WINS between PDCs. Is this needed in Samba? How does it work? Or do I have to use the same WINS server for all PDCs over the WAN? It is not clear to me.

You need to use one single WINS server. WINS replication is not yet fully implemented and is therefore not functional.

- John T.

> I did it this way. Joined the local domain. Created a machine account with smbldap-useradd -w dom2 on the domain 1 machine. Then changed its password and at last changed the sambaAcctFlags in the LDAP db to [I]. At this point the trusting was shown by the list command. Then I did the same on the domain 2 machine.
>
> To end the story, I established the trust on dom1 with the command net rpc trustdom establish dom2 and put in the dom2 machine account password. At last I repeated the process on machine dom2. Logged on with WinXP and everything was working fine.
>
> Thanks for the tips. They were very useful.
>
> Gustavo