Developers, I hope I am not giving you another item that is already resolved in CVS somewhere (my CVS skills are rusty), but here is what I have found with respect to a trust relationship using an LDAP backend with 3.0a21.
I have this: 1. NT Domain: NTDOMAIN 2. Samba Domain: SMBDOMAIN I want my NT domain to trust my SAMBA domain. So I create the user account (posixAccount objectClass only) for my NT domain in the LDAP directory: dn: uid=NTDOMAIN$, dc=example, dc=org objectclass: top objectclass: posixAccount uid: NTDOMAIN$ uidNumber: ... gidNumber: ... and so on. I tell Samba to setup this as a new trust: net rpc trustdom add COMMUNICATION -U Administrator Which succeeds and updates the above LDIF with the usual sambaAccount attributes, including this one: acctFlags: [I ] I tell Samba to set the initial password for this account: $ smbpasswd NTDOMAIN$ New Password: ... Which also succeeds. Then I go to my NT domain controller, fire up User Manager, and tell it to trust my SMBDOMAIN system, which appears to succeed but gives me a warning about verification of the trust failing. But the trust doesn't work just yet. If I look at my LDIF again at this point, I see that 'acctFlags' has been changed to: acctFlags: [U ] So I go in with my favorite tool and change it back to: acctFlags: [I ] And now my trust works. But I had to make that last manual change to the LDAP entry for NTDOMAIN$ to make the trust actually function. Did I do something wrong in my setup, or should the 'smbd' that received the trust request from my NT PDC have not changed that flag from 'I' to 'U'? Thanks again, Matt
