Re: [Samba] trust relationship whit samba 4.3 ldap backend and Active Directory
Hi, My question also related to German query. I used to upgrade the existing Samba3 which has a one way (incoming) to the Active Directory running Windows 2008. In short, clients of Samba3 can login locally or to the AD. But when I upgraded to Samba4 the trust was been lost. Are there any way I can reconnect it without changing the trust relationship in AD which I don't have the access? These are the setup KAZEKAGE.NET (hostname - KAKURA) - is the Active Directory with one way trust to Samba GAARA.SANDBOX.NET (hostname - SHUKAKU) which is a Samba3 and upgraded to Samba4 with no problems except the trust broke. For the logs you can see here. http://db.tt/EiU1gtmw When I issue the command to establish the relationship, *net rpc trustdom establish KAZEKAGE -U administrator *it generates a log pointing to the ldap server (of the SAMBA3), which If I run it for sure will conflict with the existing Samba4 own ldap. But when I list the trust, it broke (no listings) which suppose to be okay with Samba3. *net rpc trustdom list -U administrator* Or even joining to the AD, which still got an ldap server problem. *net rpc join -U administrator -S KARURA* I didn't change the generated smb.conf of Samba4. Or how do I point the ldap? or Syntax? in smb.conf as what got in samba3. Do I need to rejoin it again, meaning to change the trust in 'Active Directory Domains and Trusts' in AD? I can't access the trust of samba4 - an upgrade of samba3. (As for testing purposes but in production AD server don't have administrative account(s) which I am afraid if it doesn't work). Best regards and thanks, Mario On Sat, Feb 9, 2013 at 8:29 AM, German Waisvol german.wais...@gmail.comwrote: Good afternoon, it is possible make a two way trust relationship between samba 4.3 and active directory? best regards Germán Waisvol SR. Linux Unix System administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] trust relationship whit samba 4.3 ldap backend and Active Directory
Good afternoon, it is possible make a two way trust relationship between samba 4.3 and active directory? best regards Germán Waisvol SR. Linux Unix System administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Tcpdump from 2008 (works) and XP (not working) are different. I noticed 2008 and windows 7 (working) smbclients keep all SMB traffic between the smbclient and smbserver while XP and 2000 (not working) communicate SMB traffic between SMBserver and AD server as well as SMBserver and SMBclient. TCP dump from Samba server below: 2008 (working) smbclient SMBnegprot (REQUEST) - smbserver smbserver SMBnegprot (REPLY) - smbclient smbclient SMBsessionsetupX (REQUEST) - smbserver smbserver SRV _ldap... and A lookup - DNS DNS - smbserver smbserver - AD AD - smbserver smbserver SMBsesssetupX (REPLY) - smbclient smbclient SMBtconX (REQUEST) - smbserver smbserver SMBtconX (REPLY) - smbclient smbclient SMBtrans2 (REQUEST) - smbserver smbclient SMBtrans2 (REQUEST) - smbserver smbserver SMBtrans2 (REPLY) - smbclient smbserver SMBtrans2 (REPLY) - smbclient smbclient SMBntcreateX (REQUEST) - smbserver smbserver SMBntcreateX (REPLY) - smbclient smbserver SMBwriteX (REQUEST) - smbclient smbserver SMBwriteX (REPLY) - smbclient smbclient SMBreadx (REQUEST) - smbserver smbserver SMBntcreateX (REPLY) - smbclient smbclient SMBclose (REQUEST) - smbserver smbserver SMBclose (REPLY) - smbclient XP (Not working) smbclient SMBnegprot (REQUEST) - smbserver smbserver SMBnegprot (REPLY) - smbclient smbclient SMBsessionsetupX (REQUEST) - smbserver smbserver SRV _ldap... and A lookup - DNS DNS - smbserver smbserver - AD AD - smbserver smbserver SMBnegprot (REQUEST) - AD AD SMBnegprot (REPLY) - smbserver smbserver SMBsessionsetupX (REQUEST) - AD AD SMBsessionsetupX (REPLY) - smbserver smbserver SMBtconX (REQUEST) - AD AD SMBtconX (REPLY) - smbserver smbserver SMBntcreateX (REQUEST) - AD AD SMBntcreateX (REPLY) - smbserver smbserver SMBtdis (REQUEST) - AD AD SMBtdis (REPLY) - smbserver smbserver SMBnegprot (REQUEST) - AD AD SMBnegprot (REPLY) - smbserver smbserver SMBsessionsetupX (REQUEST) - AD AD SMBsessionsetupX (REPLY) - smbserver smbserver SMBtconX (REQUEST) - AD AD SMBtconX (REPLY) - smbserver smbserver SMBntcreateX (REQUEST) - AD AD SMBntcreateX (REPLY) - smbserver smbserver SMBtdis (REQUEST) - AD AD SMBtdis (REPLY) - smbserver smbserver SMBsesssetupX (REPLY) - smbclient.menandmice-lpm smbclient.univ-appserver - smbserver.http smbserver.http - smbclient.univ-appserver smbclient.univ-appserver - smbserver.http smbserver.http - smbclient.univ-appserver --- On Tue, 4/17/12, clinton propst clintonpro...@yahoo.com wrote: From: clinton propst clintonpro...@yahoo.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: Ivan Ordonez iordo...@berkeley.edu Date: Tuesday, April 17, 2012, 2:19 PM Ivan, XP and 2000 Servers LAN MAN was set to LM NTLM. I reset an XP node to 'Send NTLMv2 response only\refuse LM NTLM' and reboot and receive the same errors. Searching through tcpdump of failed attempt. Clinton --- On Tue, 4/10/12, Ivan Ordonez iordo...@berkeley.edu wrote: From: Ivan Ordonez iordo...@berkeley.edu Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Date: Tuesday, April 10, 2012, 5:41 PM I believe the LAN MAN authentication level should be set to this. Send NTLMv2 response only\refuse LM NTLM On 4/10/2012 2:25 PM, clinton propst wrote: Thanks for the Reply. All of our smb clients (windows 7, server 2000, server 2008, xp) are set to require NTLMv2 and 128 bit encryption. The windows 7 and server 2008 work fine. Do you think we should try setting xp and 2000 nodes to NTLMv1? Thanks, Clinton --- On Tue, 4/10/12, Ivan Ordonez iordo...@berkeley.edu wrote: From: Ivan Ordonez iordo...@berkeley.edu Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Date: Tuesday, April 10, 2012, 2:36 PM Have you try changing the NTLM authentication level? On 4/10/2012 9:17 AM, clinton propst wrote: Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. --- On Tue, 4/10/12, John Drescherdresche...@gmail.com wrote: From: John Drescherdresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propstclintonpro...@yahoo.com
[Samba] trust relationship between this workstation and the primary domain failed
Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. Thanks, Clinton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
On Tue, Apr 10, 2012 at 8:43 AM, clinton propst clintonpro...@yahoo.com wrote: Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. http://lists.samba.org/archive/samba/2010-October/158591.html -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 --- On Tue, 4/10/12, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Cc: samba@lists.samba.org Date: Tuesday, April 10, 2012, 7:47 AM On Tue, Apr 10, 2012 at 8:43 AM, clinton propst clintonpro...@yahoo.com wrote: Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. http://lists.samba.org/archive/samba/2010-October/158591.html -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
On Tue, Apr 10, 2012 at 9:46 AM, clinton propst clintonpro...@yahoo.comwrote: Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 You have to re add all machines affected machines to the domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. --- On Tue, 4/10/12, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Cc: samba@lists.samba.org Date: Tuesday, April 10, 2012, 9:09 AM On Tue, Apr 10, 2012 at 9:46 AM, clinton propst clintonpro...@yahoo.com wrote: Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 You have to re add all machines affected machines to the domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. Please forget my advice. I thought you had a different problem. I should not reply to posts while distracted.. I do not know how to solve your issue. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Trust relationship between Windows Domains
Hello, we have the following scenario: - Samba v3.0.23d runing under AIX v5.3 - Two Windows Domains, lets call them D1 and D2, that have a trust relationship between them so that any user on D1 can access resources on D2 without need to re-authenticate. Now, for business needs we would like to set up a common repository in our AIX server that is accessible from all our AIX and Windows machines. Our goal is that any user (independently of the environment or Domain he is in) is able to access this repository without need to re-enter any credentials. We have tried associating the Samba instance to domain D2 and we expected that users on domain D1 would be able to access it as well (as it happens on Windows machines due to the trust relationship). However, we have seen that this is not the case. Users on D1 can not access the Samba repository without re-authenticating using D2 credentials. It seems like Samba is not able to apply the trust relationship that was defined at Windows level. Is there any way we can configure Samba to achieve our goal of granting access to the AIX repository to both users on D1 and D2 without need to re-authenticate? Two possible solutions have occurred to us, but we don't know whether they are technically feasible or not or how hard they would be to implement/maintain: Option 1) Configure Samba in such a way so that it is able to apply the trust relationship that exists between the two windows domains (D1 and D2). --- Option 2) Configure and run a second instance of Samba on the AIX machine. One instance would be assigned to D1 and the other instance to D2. --- Can you please advise on the feasibility of these options or provide alternatives we have not thought of? thanks! EMILIO J. IGLESIAS ALM - Application Lifecycle Management Engineer CSC Asturias WSS | office: +34 985 120341 | email: eiglesias...@csc.com | www.csc.com Advanced Leave notice: July 29th to Aug 22nd CSC • This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose • Computer Sciences España, SA • Registered Office: Avenida Diagonal, 545 Pl. 6, Edificio L’Illa, 08029 Barcelona, Spain • Registered in Spain No: C.i.f. A59425546 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Trust relationship failed
I am running Ubuntu 9.10 with samba 3.4.0 After making the regedits on http://wiki.samba.org/index.php/Windows7 I can join a windows 7 computers to the domain. But about 66%(random number) of the time I get an error, trust relationship failed between computer and domain, when trying to login. But if I can get passed that, everything works great. I have searched the web and in seems others are having the same problem, but I dont see a solution. Most post mention HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOrSeal = 0 DWORD RequireStrongKey = 0 But the samba wiki says to make sure this are set to 1 Has anyone had this problem and gotten around it??? Timothy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Trust relationship and trusting member servers
I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes). NEWDOMAIN = new Win2k3 PDC OLDDOMAIN = current samba PDC OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN I've successfully established a trust relationship between OLDOMAIN and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have full access to resources on the OLDDOMAIN PDC. Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users in NEWDOMAIN do not. Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN). Sorry if this is confusing -- tried to make it as clear as possible. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] trust relationship fails
Hi, So I have this samba file server, samba-3.0.10-1.4E.9 to be exact, that is a member of an NT 4 domain. It usually works great for days and days. But every now and again clients will start getting this message: The trust relationship between this workstation and the primary domain failed. At that point I've simply removed the server from the domain and re-added it, and then things start to work again. This is somewhat fine I guess...but I was still hoping someone could shed some light on how to prevent this situation from occuring. Thanks in advance, Glen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] trust relationship fails
Hi, So I have this samba file server, samba-3.0.10-1.4E.9 to be exact, that is a member of an NT 4 domain. It usually works great for days and days. But every now and again clients will start getting this message: The trust relationship between this workstation and the primary domain failed. At that point I've simply removed the server from the domain and re-added it, and then things start to work again. This is somewhat fine I guess...but I was still hoping someone could shed some light on how to prevent this situation from occuring. Thanks in advance, Glen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Trust Relationship Problem
Dear SAMBA Mailing List I am using Samba samba-3.0.9-1.3E.10, OS Centos 4.4 We have got the problem. when I am issuing a net rpc trustdom list command some time it is showing ok and sometime it is showing error message. and some time not. It is creating a problem to authenticate other Samba workstartion to PDC Server. 1) [ [EMAIL PROTECTED] samba]# net rpc trustdom list Password: Trusted domains list: CSWNS-1-5-21-4226246216-841769125-2743635684 CSWGS-1-5-21-2182516265-3119084770-3204029048 Trusting domains list: [2007/02/27 07:47:43, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/02/27 07:47:43, 0] utils/net_rpc.c:rpc_trustdom_list(4688) Couldn't enumerate accounts. Error was: NT_STATUS_UNSUCCESSFUL 2) [ [EMAIL PROTECTED] samba]# net rpc trustdom list Password: Could not connect to server PDCDEL The username or password was not correct. [2007/02/27 07:49:03, 0] utils/net_rpc.c:rpc_trustdom_list(4565) Couldn't connect to domain controller 3) [EMAIL PROTECTED] samba]# net rpc trustdom list Password: Trusted domains list: CSWNS-1-5-21-4226246216-841769125-2743635684 CSWGS-1-5-21-2182516265-3119084770-3204029048 Trusting domains list: CSWNS-1-5-21-4226246216-841769125-2743635684 CSWGS-1-5-21-2182516265-3119084770-3204029048 [ [EMAIL PROTECTED] samba]# net rpc trustdom list Password: Trusted domains list: CSWNS-1-5-21-4226246216-841769125-2743635684 CSWGS-1-5-21-2182516265-3119084770-3204029048 Trusting domains list: CSWNS-1-5-21-4226246216-841769125-2743635684 CSWGS-1-5-21-2182516265-3119084770-3204029048 This is the log status (Output of /var/log/messages) Feb 27 14:47:30 pdcdel samba(pam_unix)[12925]: session closed for user kth Feb 27 14:47:30 pdcdel smbd[12913]: [2007/02/27 14:47:30, 0] auth/auth_util.c:make_server_info_info3(1134) Feb 27 14:47:30 pdcdel smbd[12913]: make_server_info_info3: pdb_init_sam failed! Feb 27 14:47:30 pdcdel smbd[12913]: [2007/02/27 14:47:30, 0] auth/auth_util.c:make_server_info_info3(1134) Feb 27 14:47:30 pdcdel smbd[12913]: make_server_info_info3: pdb_init_sam failed! Feb 27 14:47:30 pdcdel smbd[12913]: [2007/02/27 14:47:30, 0] auth/auth_util.c:make_server_info_info3(1134) Feb 27 14:47:30 pdcdel smbd[12913]: make_server_info_info3: pdb_init_sam failed! Feb 27 14:47:30 pdcdel smbd[12913]: [2007/02/27 14:47:30, 0] auth/auth_util.c:make_server_info_info3(1134) Feb 27 14:47:30 pdcdel smbd[12913]: make_server_info_info3: pdb_init_sam failed! Feb 27 14:47:30 pdcdel smbd[12913]: [2007/02/27 14:47:30, 0] auth/auth_util.c:make_server_info_info3(1134) Please Help. -- S.Murli Mohan -- S.Murli Mohan There are only two ways to lead your life -- one, let things happen in their own way and tolerate it, and second, take responsibility to change it Rang De Basanti. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship with two SaMBa´s and one NT. All this is servers
Hello peaplo. I am with a great problema. I have two SaMBa´s configured who server (security = user) and a NT each other clients. I want put this three servers to talk each other and the clients inside with one coud access the resources of other domain like the NT do. My machines. Samba1 = domain1 Samba2 = domain2 NT = domain3 Each one have diferrents users but I want make a trust interdomain relationship. What I need do into mine SaMBa´s?? Thanks Kalil de A. Carvalho. Setor de Redes. +55-84-3212-1236/8845-9998 UnP - Universidade Potiguar APEC - Associação Potiguar de Educação e Cultura. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship and LDAP backend
Hi, I have a domain using LDAP backend, and recently we've managed to establish a trust relation with another domain in our network, which uses a pure NT4 server. After that, some accounts from the trusted domain started being created in our base. The user created doesn't have the same attributes as a valid user (he doesn't have sambaSamAccount, for example). But for auditing purposes, this shouldn't happen. Is this a normal behaviour? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship and LDAP backend
Hi, I have a domain using LDAP backend, and recently we've managed to establish a trust relation with another domain in our network, which uses a pure NT4 server. After that, some accounts from the trusted domain started being created in our base. The user created doesn't have the same attributes as a valid user (he doesn't have sambaSamAccount, for example). But for auditing purposes, this shouldn't happen. Is this a normal behaviour? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship and LDAP backend
On Thu, 2006-05-11 at 08:42 -0300, Carlos Eduardo Pedroza Santiviago wrote: Hi, I have a domain using LDAP backend, and recently we've managed to establish a trust relation with another domain in our network, which uses a pure NT4 server. After that, some accounts from the trusted domain started being created in our base. The user created doesn't have the same attributes as a valid user (he doesn't have sambaSamAccount, for example). But for auditing purposes, this shouldn't happen. Is this a normal behaviour? if you don't use winbindd (nss_winbindd) it is. Samba needs a posix user to be able to accept any login on the server. if you run winbindd in trusted domain only mode then it will create posix accounts for you on the fly (allocating them out of the idmap uid range). If you do not provide corresponding posix accounts for trusted users then samba will try to create users in the local account storage by means of the add user account scripts. (But it will not populate them with windows account attributes because they are not local accounts, and all the information is retrieved by the remote trusted server). I recommend you to use winbindd in such environment, it will not only keep your ldap tree clear but it will also act as a connection proxy and will lessen the oad on your DCs as well do some caching. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust Relationship trouble
I have Centos 4.1 Samba 3.0.2 adn LDAP for authentication. I will to make a Bidirectional-trustrelatioship between my LINUXPDC and a NT4-server. i make with the command smbldap-useradd -i -w NT4-server the local account on LINUXPDC, then with user manager on NT4-server i create the trust (trusting and trusted). NT4-says trust relationship successfully estabilished (for trusting domain)but LINUXPDC when i digit net rpc trustdom establish NT4-server, i insert the password but he says: Could not contact BTSARSRV01(the name of NT4-server PDC) trust relatioship estabilished. What is the problem? Thanks for any help and excuse for my poor english Francesco -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trust relationship
Hey your scenario does match with some of my requirements. Could you please share your configurations and guide, if you have one? May be I could work on it with trust relation concept to find some more centeralized solution. On 7/26/05, Marcin Giedz [EMAIL PROTECTED] wrote: Dnia wtorek, 26 lipca 2005 07:07, Abubakar . napisał: hi Hi This is not exactly what I have nowadays but it has some common features. I have 4 domain controllers in four different cities based on one LDAP directory. Of course in every department slave LDAP also works. However one LDAP directory is splitted onto four trees - one tree for one domain. Disadvantage of this solution is that you need to have users in all four trees so they can explore shares on all domains. It's also hard to maintain without special software but it works. I have never tried trust relationships, maybe this solution is better? Marcin i want to create Enterprise wide domain trust relationships between samba domains / domain controllers. And with that i want to achieve 1- complete directory replication, (like Additional domain controller) 2- user account migration between domains, 3- policy enforcement on all the domains from a single domain, 4- delegated administration of domains So how should i do all this PS. currently i've created a samba DC, integrated with ldap, that is authenticating winxp clients. And iam creating another domain controller in order to make trusts amongs these two. -- Abubakar, __ www.bakars.com -- Abubakar, __ www.bakars.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] trust relationship
hi i want to create Enterprise wide domain trust relationships between samba domains / domain controllers. And with that i want to achieve 1- complete directory replication, (like Additional domain controller) 2- user account migration between domains, 3- policy enforcement on all the domains from a single domain, 4- delegated administration of domains So how should i do all this PS. currently i've created a samba DC, integrated with ldap, that is authenticating winxp clients. And iam creating another domain controller in order to make trusts amongs these two. -- Abubakar, __ www.bakars.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship problem [repost]
Hello, I have a problem with trust relationship between W2003 AD and samba 3.0.6 (Mandrake Corporate Server 3.0) and W98 machines. Samba is the trusted domain and W2003 the trusting domain. All the clients (w98 and Win XP) are in the samba domain. The win XP clients can access the shares of the W2003, but the w98 clients cannot. They have this error : error 55 saying the ressource is not available. I have installed a NT4 in place of the samba, and all clients work perfect. UPDATE : I have installed samba 3.0.11 from the SRPMS found at samba.org, and still have the problem. Any help would be greatly appreciated. Best regards, -- Didier ALBENQUE DAG/DSI/BME -10. Heard at my workplace when I found emacs wouldn't run : Oh I took that thing off, it was huge and nobody uses it. It's a stupid editor anyway. --Spoken by an MS-DOS programmer --Top 100 things you don't want the sysadmin to say -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship problem
Hello, I have a problem with trust relationship between W2003 AD and samba 3.0.6 (Mandrake Corporate Server 3.0) and W98 machines. Samba is the trusted domain and W2003 the trusting domain. All the clients (w98 and Win XP) are in the samba domain. The win XP clients can access the shares of the W2003, but the w98 clients cannot. They have this error : error 55 saying the ressource is not available. I have installed a NT4 in place of the samba, and all clients work perfect. Any idea ? -- Didier ALBENQUE DAG/DSI/BME Il ne faut jamais dire : Fontaine, ... Dites: Patron, un Muscadet ! -+- Philippe Geluck, Le chat -+- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship between two samba with ldap backend
Hi All, I´m working hard on understing how to make trust relationship work between to samba servers with ldap backend. In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap 2.1.30. I joined each other domain with both machines. In the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set it´s password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain account doesn´t have the $ simbol in front of it. Next I´ve tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the passsword. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password. And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2 typed the password 654 and got the following error: [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_OK Did the same on DOM2 and got the same error. Does anybody have a clue of what I´m doing wrong? Thank´s you all. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
On Tuesday 21 September 2004 08:33, Gustavo Lima wrote: Hi All, I´m working hard on understing how to make trust relationship work between to samba servers with ldap backend. In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap 2.1.30. I joined each other domain with both machines. In the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set it´s password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain account doesn´t have the $ simbol in front of it. Next I´ve tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the passsword. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password. And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2 typed the password 654 and got the following error: [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_OK Did the same on DOM2 and got the same error. Does anybody have a clue of what I´m doing wrong? First, before setting up the trust relationship, you need to join each Samba server to its own domain. net rpc join Then the setting up of the trust should work. - John T. Thank´s you all. Gustavo -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
John, Thank´s for answering, but still the same problem. I think is better for us to go step by step. Well, I joined the remote domain and the local domain with the net rpc join command. Then after I tried to create the machine account with the command net rpc trustdom add DOM2 654. Then I´m asked for another password: dom1:~# net rpc trustdom add DOM2 654 Password: What password is this one asked after the command. Anything I put there don´t give me an error but doesn´t give me a sucessfull output later on net rpc trustdom list. Still giving me none in trusting and trusted domains list. So I think before trying to reach the end, I should have to make a trusting domains add sucessfull. Can you tell me where is good docs about it or give me a step by step configuration? Thank´s once again. Gustavo - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 12:53 PM Subject: Re: [Samba] Trust relationship between two samba with ldap backend On Tuesday 21 September 2004 08:33, Gustavo Lima wrote: Hi All, I´m working hard on understing how to make trust relationship work between to samba servers with ldap backend. In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap 2.1.30. I joined each other domain with both machines. In the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set it´s password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain account doesn´t have the $ simbol in front of it. Next I´ve tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the passsword. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password. And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2 typed the password 654 and got the following error: [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_OK Did the same on DOM2 and got the same error. Does anybody have a clue of what I´m doing wrong? First, before setting up the trust relationship, you need to join each Samba server to its own domain. net rpc join Then the setting up of the trust should work. - John T. Thank´s you all. Gustavo -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
On Tuesday 21 September 2004 11:29, Gustavo Lima wrote: John, Thank´s for answering, but still the same problem. I think is better for us to go step by step. Well, I joined the remote domain and the local domain with the net rpc join command. Then after I tried to create the machine account with the command net rpc trustdom add DOM2 654. Then I´m asked for another password: dom1:~# net rpc trustdom add DOM2 654 Password: Before you do this, use the smbldap-useradd tool to create the trust account. Then set a pasword on it. That is the one you need to use. - John T. What password is this one asked after the command. Anything I put there don´t give me an error but doesn´t give me a sucessfull output later on net rpc trustdom list. Still giving me none in trusting and trusted domains list. So I think before trying to reach the end, I should have to make a trusting domains add sucessfull. Can you tell me where is good docs about it or give me a step by step configuration? Thank´s once again. Gustavo - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 21, 2004 12:53 PM Subject: Re: [Samba] Trust relationship between two samba with ldap backend On Tuesday 21 September 2004 08:33, Gustavo Lima wrote: Hi All, I´m working hard on understing how to make trust relationship work between to samba servers with ldap backend. In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap 2.1.30. I joined each other domain with both machines. In the first one (DOM1) I created the machine account with the command smbldap-useradd -a -i DOM2 and set it´s password. Did the same on the second box with smbldap-useradd -a -i DOM3. The strange thing is that these trust domain account doesn´t have the $ simbol in front of it. Next I´ve tried to add the trusting in DOM1 using the command net rpc trustdom add DOM2 123 and retyped the passsword. And did with DOM2 net rpc trustdom add DOM1 654 and retyped the password. And then I tried to establish the trust relationship in DOM1 doing net rpc trustdom establish DOM2 typed the password 654 and got the following error: [2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_OK Did the same on DOM2 and got the same error. Does anybody have a clue of what I´m doing wrong? First, before setting up the trust relationship, you need to join each Samba server to its own domain. net rpc join Then the setting up of the trust should work. - John T. Thank´s you all. Gustavo -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
John, I cleanned all the entries from my ldap. Created the OUs again. Joined the local and the remote domain. dom1:/etc# net rpc join -S dom1 -U Administrator%passwd dom1:/etc# net rpc join -S dom2 -U Administrator%passwd Created the machine user: dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2 New password : 123456 Retype new password : 123456 dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456 Password: 123456 Then I listed the trusts: teste1:/etc/smbldap-tools# net rpc trustdom list Password: (here, everything I type works) Trusted domains list: none Trusting domains list: none Other tip? Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend
On Tuesday 21 September 2004 13:09, Gustavo Lima wrote: John, I cleanned all the entries from my ldap. Created the OUs again. Joined the local and the remote domain. dom1:/etc# net rpc join -S dom1 -U Administrator%passwd dom1:/etc# net rpc join -S dom2 -U Administrator%passwd No. Each machine needs to join its own domain. - John T. Created the machine user: dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2 New password : 123456 Retype new password : 123456 dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456 Password: 123456 Then I listed the trusts: teste1:/etc/smbldap-tools# net rpc trustdom list Password: (here, everything I type works) Trusted domains list: none Trusting domains list: none Other tip? Gustavo -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend - working now
John, Just berfore I explain how it worked a last question. In NT networks we need to replicate WINS between PDCs. Is this needed in samba? How does it work? Or I have to use the same WINS server to all PDC over WAN? Not clear for me. I did this way. Joined the local domain. Created a machine account with smbldap-useradd -w dom2 on domain 1 machine. Then changed it´s password and at last changed the sambaAcctFlags in ldap db to [I]. At this time the trusting was showed on list command. Then I did the same on the domain 2 machine. Ending the story I established the trust on dom1 with the command net rpc trustdom establish dom2 and put the dom2 machine account password. At last I repeated the process on machine dom2. Logged on WinXP and everything was working fine. Thank´s by the tips. Were very usefull. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship between two samba with ldap backend - working now
On Tuesday 21 September 2004 14:13, Gustavo Lima wrote: John, Just berfore I explain how it worked a last question. In NT networks we need to replicate WINS between PDCs. Is this needed in samba? How does it work? Or I have to use the same WINS server to all PDC over WAN? Not clear for me. You need to use one single WINS server. WINS replication is not yet fully implemented and is therefore not functional. - John T. I did this way. Joined the local domain. Created a machine account with smbldap-useradd -w dom2 on domain 1 machine. Then changed it´s password and at last changed the sambaAcctFlags in ldap db to [I]. At this time the trusting was showed on list command. Then I did the same on the domain 2 machine. Ending the story I established the trust on dom1 with the command net rpc trustdom establish dom2 and put the dom2 machine account password. At last I repeated the process on machine dom2. Logged on WinXP and everything was working fine. Thank´s by the tips. Were very usefull. Gustavo -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust Relationship 3.0.4
I just recreated a trust relationship I get the following message on the samba pdc Could not connect to server server1 should I be concerned about this? The trust realationship appears to be working. Here is the console screen message. Could not connect to server server1 Trust to domain domain established Thanks -Glenn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust Relationship Prob
Hi guys, I have setup Samba as the PDC for the network. The network is Win 2000 based with the PDC as the only Linux machine. My machine is part of the domain. I wanted to make another user (who is also part of the domain) as a user on my computer but I got the error: THE USER COULD NOT BE ADDED BECAUSE THE FOLLOWING ERROR HAS OCCURRED: THE TRUST RELATIONSHIP BETWEEN THIS WORKSTATION AND THE PRIMARY DOMAIN FAILED. What the reason? Kindly suggest a solution before I pull my hair out. Saad. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trust relationship failed...
Following up on my original post I checked to verify that I was using the correct (original) secrets.tdb, which I was. I started digging a bit more in depth into nmbd.log. There I found some references to a .200 IP which I had used temporarily while the server was out of the client's site for the upgrade. Note that 192.168.123.10 is the correct IP address of the server, the 192.168.0.200 was the temporary address. After seeing this, I temporarily added the .200 IP address on to the server and in to the smb.conf at which point I was once again able to access shares and printers via \\workstation1\share (I had to unjoin and rejoin 2 of the machines from the domain for this to work, the other 3 worked without any changes). But still the only machine that shows up when trying to browse the network is the server itself. When I got to this point I decided to once again remove the .200 IP address from both places and reboot. After rebooting I still am able to access the shares via their UNC paths but still only see the server when I try to browse the domain. If you will look wayyy down right at the bottom of the log file attached (appologies for the long log post but I'm not sure exactly what might be pertenant) there is reference to it not being able to get the workgroup name from domain master browser 192.168.0.200 even though 2 lines above it shows is now a master broweser on subnet 192.168.123.10. I'm sure this is the cause of the problem, but no clue how to rectify it. How can I get this thing to forget that the .200 IP address ever existed. The machine obviously became a master browser under that IP address while it was on the temporary network, and just doesn't want to let go, and such it isn't propagating the browse list properly... it must be something in a cache somewhere because there were no config changes (until this morning when I did so temporarily) which restored the client's network to something functional yet awkward (a user... type a UNC path... correctly... HAHAHA). Thanks again in advance, Mike Log clip follows... There is already a domain master browser at IP 192.168.0.200 for workgroup CASCADE-01 registered on subnet UNICAST_SUBNET. [2004/03/23 10:18:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup CASCADE-01, subnet UNICAST_SUBNET. [2004/03/23 10:18:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: querying WINS server from IP 192.168.123.10 for domain master browser name CASCADE-011b on workgroup CASCADE-01 [2004/03/23 10:18:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) become_domain_master_query_success: There is already a domain master browser at IP 192.168.0.200 for workgroup CASCADE-01 registered on subnet UNICAST_SUBNET. [2004/03/23 10:23:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup CASCADE-01, subnet UNICAST_SUBNET. [2004/03/23 10:23:46, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: querying WINS server from IP 192.168.123.10 for domain master browser name CASCADE-011b on workgroup CASCADE-01 [2004/03/23 10:23:47, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) become_domain_master_query_success: There is already a domain master browser at IP 192.168.0.200 for workgroup CASCADE-01 registered on subnet UNICAST_SUBNET. [2004/03/23 10:27:17, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup CASCADE-01 at IP 192.168.0.200 failed. Cannot sync browser lists. [2004/03/23 10:28:48, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup CASCADE-01, subnet UNICAST_SUBNET. [2004/03/23 10:28:48, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: querying WINS server from IP 192.168.123.10 for domain master browser name CASCADE-011b on workgroup CASCADE-01 [2004/03/23 10:28:48, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) become_domain_master_query_success: There is already a domain master browser at IP 192.168.0.200 for workgroup CASCADE-01 registered on subnet UNICAST_SUBNET. [2004/03/23 10:33:32, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server CAS1 is now a local master browser for workgroup CASCADE-01 on subnet 192.168.0.200 * [2004/03/23 10:33:32, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(326) process_node_status_request: status request for name CASCADE-011b from IP 192.168.0.200 on subnet UNICAST_SUBNET - name not
[Samba] Trust relationship failed...
I'm hoping someone can give me a hand in figuring out this problem, I have seen several other similar problems in searching, but nothing that exactly matches what I am seeing here. I have recently migrated a client from a Samba server running 2.2.7 (Redhat 9) to 3.0.2 (Fedora 1). The samba installation is running as a PDC for 5 Win XP workstations and was working perfectly prior to the upgrade. When I did the migration I copied the entire contents of the /etc/samba directory across to the new machine (no changes at all). Now that I have done the migration I *CAN* still do the following... - log in to the domain - the user's roaming profiles transfer successfully back and forth to the server - existing mapped drives on the workstations (to shares on the server) work as they always have - can map new shares to the server with no problem But, the following items no longer work... - In XP if I go to entire network and try to view the computers in the domain, only the server shows up... none of the 5 workstations show up in the domain as previously. - Can no longer access printers shared on the workstations - If I try to enter \\workstation1\data (or any of the valid, pre-existing, previously working shares on any of the workstations) from any of the 5 workstations, either via start | run, or via the address bar in My Computer I get an error that states Trust relationship between this workstation and primary domain failed. So, to summarize, all of the workstations see the server just fine but the workstations don't seem to be able to see eachother or their shared resources any longer and complain about the trust problem. Prior to copying the contents of /etc/samba to the new server I did a comparison between the distributed smb.conf file and the old file. I did not see any added or removed keys so I chose to save typing and just use the existing file. The following are the files which I copied over... smb.conf, smbusers, lmhosts, secrets.tdb and smbpasswd. I assumed by doing this that any possible required configuration would get transferred across to the new machine. I have done an in-place upgrade from RH9 to FC1 on another server (rather than doing a clean install and transferrig the configs) and the samba install there worked just fine (also with making no changes from the existing configs), so I'm really lost as to what could be causing this issue. Any hints, tips or suggestions are appreciated. Thanks, Mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] trust relationship: samba PDC AD in Native Mode
Hi all, I'd have a question: is it possible for a Samba3 server acting as PDC (or AD) for clients win95-98, NT to establish a trust relationship with an Active Directory Win2k working in Native Mode? The aim is to give some old Clients access to some servers belonging a modern AD domain. I made some tests but could not get through. I'm doubtful this may work at all at the status of the art. I would appreciate any positive insight (or link) to get motivation querying the matter (or to leave it at all..) Thanks so much, Gian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] trust relationship between XP(workstation) and the Primarydomian (Samba PDC) failed
Hi you all I have a qustion. I have samba no so that it will allow me to add clients to the domain how ever I can not add users on XP PRO I get the follwing error The user could not be added becuse the following error has occurred: The turst relationship between this workstation and the primary domain failed any one have a idea? below is my samba config David thnx # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2003/01/28 22:11:51 # Global parameters [global] workgroup = HASMDK netbios name = HAS1 server string = Samba PDC Running %v encrypt passwords = Yes null passwords = Yes obey pam restrictions = Yes username map = /etc/samba/user.map log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/useradd -s /bin/false %u logon script = %U.bat logon path = \\%L\Profiles\%U logon home = \\%L\%U\.profile domain logons = Yes os level = 99 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes default service = netlogon winbind uid = 1-2 [homes] comment = Home Directories read only = No [netlogon] comment = Network Logon Service path = /var/lib/samba/profiles read only = No guest ok = Yes browseable = No root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon root postexec = rm -f /var/lib/samba/netlogon/%U.bat [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @adm root [pdf-generator] comment = PDF Generator (only valid users) path = /var/tmp guest ok = Yes printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u %L%u %m %I [public] path = /home/public read only = No create mask = 0777 guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship.
Hi, we have a trust relationship between servers in the 2 LAN's of my company, my problem is that (even with problems as I commented in a previous mail) I have somekind of access to the LAN where my Linux machine is connected to, but not to the trusted LAN. Could someone give me a hint about how to get this? Any kind of documentation would be helpful Regards, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship.
Try write more info about your nets... How servers routers yu use ... Best is graficaly as LAN1 (client w2k 1,2,3,4 server 2k server linux) - router - ??? - router - LAN2 ... - Original Message - From: Juan Rosell [EMAIL PROTECTED] To: samba [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 11:03 AM Subject: [Samba] Trust relationship. Hi, we have a trust relationship between servers in the 2 LAN's of my company, my problem is that (even with problems as I commented in a previous mail) I have somekind of access to the LAN where my Linux machine is connected to, but not to the trusted LAN. Could someone give me a hint about how to get this? Any kind of documentation would be helpful Regards, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust relationship lost in 2.2.1a repeatedly !
Hi All, I have been using samba 2.2.1a as the PDC, as a logon server for about 100 machines. Till now it has been fine, But for last 2 days all of sudden the trust relationship is lost from few random machines. Then we again have to reregister with SAMBA domain. When first time one m/c logins these are the logs. ## [2002/10/24 09:58:55, 0] rpc_server/srv_lsa.c:api_lsa_open_policy2(47) api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2. [2002/10/24 09:58:55, 0] rpc_server/srv_pipe.c:api_rpcTNP(1215) api_rpcTNP: api_ntlsa_rpc: LSA_OPENPOLICY2 failed. [2002/10/24 09:58:55, 0] rpc_server/srv_lsa.c:api_lsa_open_policy(78) api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL. [2002/10/24 09:58:55, 0] rpc_server/srv_pipe.c:api_rpcTNP(1215) api_rpcTNP: api_ntlsa_rpc: LSA_OPENPOLICY failed. [2002/10/24 10:00:51, 0] smbd/nttrans.c:call_nt_transact_ioctl(1798) call_nt_transact_ioctl: Currently not implemented. ## Are these logs OK ? or i need to upgrade. What steps should i follow for such a network. Can anyone help please. Regards, -Yashoo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust relationship lost in 2.2.1a repeatedly !
On Thu, 2002-10-24 at 10:20, Yashpal Nagar wrote: Hi All, I have been using samba 2.2.1a as the PDC, as a logon server for about 100 machines. Till now it has been fine, But for last 2 days all of sudden the trust relationship is lost from few random machines. Then we again have to reregister with SAMBA domain. When first time one m/c logins these are the logs. I suspect it is the lossage is due to a failure in the automatic password changing that the machine accounts go through periodically. I've not heard of this problem before but I suggest an upgrade. brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba