Please read the Samba doc regarding Interdomain Trust carefully:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html

Interdomain trust implies that one Domain will trust another that a user logged into it correctly. Your assumption that a user from one Domain should be able to log in to another is incorrect. Users from DomainA should log in to DomainA but will be able to use resources of DomainB if DomainB trusts DomainA.

Hope it helps,
Igor

Šopík Bronislav wrote:
Hi,
I posted my problem to the list but nobody answered me. I have found a solution of
netsamlogon_cache.tdb but still I have a problem with authentication. I have
changed the smb.conf files.

servera:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = smbpasswd
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
wins support = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes



serverb:
[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = smbpasswd
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
wins support = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes




loga:
[2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
api_rpcTNP: rpc command: NET_SAMLOGON
[2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376)
Connecting to host=SERVERB
[2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.11 at port 445
[2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114)
User bronasek does not exist, trying to add it
[2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [bronasek] -> [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 6274
[2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=73cc nwritten=336
[2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092)
Transaction 39 of length 63
[2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887)
switch message SMBreadX (pid 10156) conn 0x83d8040
[2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=73cc min=1024 max=1024 nread=96


logb:

[2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
SAM Logon (Network). Domain:[DOMAINB]. User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [bronasek] succeeded
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [bronasek] -> [bronasek] ->
[bronasek] succeeded
[2004/10/13 16:17:06, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 4844
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 10 of length 45
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBclose (pid 8110) conn 0x83d7328
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 11 of length 43
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBulogoffX (pid 8110) conn 0x0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/reply.c:reply_ulogoffX(1255)
ulogoffX vuid=100
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 12 of length 45
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBclose (pid 8110) conn 0x83d7328
[2004/10/13 16:17:06, 2] smbd/uid.c:change_to_user(219)
change_to_user: Invalid vuid used 100 in accessing share IPC$.
[2004/10/13 16:17:06, 3] smbd/error.c:error_packet(145)
error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 13 of length 39
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBtdis (pid 8110) conn 0x83d7328
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/service.c:close_cnum(837)
192.168.100.10 (192.168.100.10) closed connection to service IPC$
[2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/process.c:timeout_processing(1332)
timeout_processing: End of file from client (client has disconnected).
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 2] smbd/server.c:exit_server(571)
Closing connections
[2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69)
Yielding connection to [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not
exist.
[2004/10/13 16:17:06, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)


Please don't you know what can I try???

Best regards, Sopik Bronislav




Quoting an email from rruegner <[EMAIL PROTECTED]>:


Hi, netsamlogon_cache.tdb
must exist, usually under /var/lib/samba.
If it isn't, I guess your samba packs aren't well compiled;
try to touch it so that it exists.

This tdb file, as well as other ones, needs to be there
to function properly. Unfortunately
I don't know if this one is created at compile, start or establish-trust time, but it must exist.
For these tdbs there is no reference in the smb.conf; they must simply exist because they are hard coded and created to compile.
Which samba version/packs and linux distro do you use?
Maybe netsamlogon_cache.tdb is there and simply needs a chmod for write access.
Perhaps you should post this to the list,
because it seems that your confs are now good enough that here is the failure; the gurus will easily interpret this failure and can help you out.
Regards


Šopík Bronislav wrote:

Hi,
yes, I have looked at these pages and now I have changed the smb.conf files on
both servers, but when I try to log on a computer from domaina as a user of domainb,
the log on serverb wrote me that the authentication succeeded but servera
wrote me this:
[2004/10/11 17:51:02, 0]
libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password:  Authentication for user [abc] -> [abc] FAILED with
error NT_STATUS_NO_SUCH_USER

and I don't understand them; netsamlogon_cache.tdb I have not found on the
server.


Here are my smb.conf:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes



[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes


Need I a winbind for authenticate user from other domain or no???

Thank you, Sopik Bronislav


Quoting an email from rruegner <[EMAIL PROTECTED]>:



Hi,
did you look here
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
especially here
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
and here
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write
is this file existing?

Regards

Šopík Bronislav wrote:

Hi,

great next step. I changed the security on both servers to user. Now my
configuration is:
Servera:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
encrypt passwords = true
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
dns proxy = no
log level = 3
allow trusted domains = yes
wins support = yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes


Serverb:
[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
encrypt passwords = true
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
dns proxy = no
log level = 3
allow trusted domains = yes
wins server = 192.168.100.10
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes


but I have still some problems, my log gives me:

[2004/10/11 17:51:02, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
SAM Logon (Interactive). Domain:[DOMAINA].  User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/11 17:51:02, 3] libsmb/cliconnect.c:cli_start_connection(1376)
Connecting to host=SERVERB
[2004/10/11 17:51:02, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.11 at port 445
[2004/10/11 17:51:02, 3] auth/auth_util.c:make_server_info_info3(1114)
User abc does not exist, trying to add it
[2004/10/11 17:51:02, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/11 17:51:02, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password:  Authentication for user [abc] -> [abc] FAILED with error NT_STATUS_NO_SUCH_USER

I am going crazy. Please, where are the pdc faqs on www.samba.org? I have found
only documentation.

Best regards, SopiK Bronislav







hi,
Cannot use ntdomain auth method
when not a member of a domain.

it seems your trust is not working, so the user is not recognized
as a domain member
because of security = DOMAIN
which is totally false; both servers have to be configured as pdcs, which is
security = user
read the pdc faqs
Regards
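
Added example, not part of the original thread: a small triage parser for the Samba level-3 logs quoted above. It pairs every failed logon with the level-0 errors logged since the last NET_SAMLOGON request. The function names are this example's own, and SAMPLE is an excerpt of the servera log from the thread with the mail line wrapping kept.

```python
import re

# Samba 3 debug header: "[2004/10/11 17:51:02, 0] libsmb/file.c:function(123)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\]\s*(\S+\(\d+\))?\s*$")
LOCATION = re.compile(r"^\S+\.c:\w+\(\d+\)$")
FAILED = re.compile(r"[Aa]uthentication for user \[([^\]]*)\].*FAILED with error (NT_STATUS_\w+)")

def parse_records(text):
    """Group each header with its continuation lines: (time, level, location, message)."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3) or "", ""])
        elif records and not records[-1][2] and not records[-1][3] and LOCATION.match(line):
            records[-1][2] = line  # the mailer wrapped the header onto a second line
        elif records and line:
            records[-1][3] = (records[-1][3] + " " + line).strip()
    return [tuple(r) for r in records]

def explain_failures(text):
    """For each failed logon, list the level-0 errors seen since the last logon request."""
    findings, errors = [], []
    for when, level, location, message in parse_records(text):
        if "_net_sam_logon" in location:
            errors = []  # a new logon request starts here
        elif level == 0:
            errors.append(message)
        m = FAILED.search(message)
        if m:
            findings.append({"time": when, "user": m.group(1),
                             "status": m.group(2), "errors": list(errors)})
            errors = []
    return findings

# Excerpt of the servera log quoted in this thread (line wrapping as mailed).
SAMPLE = """\
[2004/10/11 17:51:02, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
SAM Logon (Interactive). Domain:[DOMAINA].  User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/11 17:51:02, 3] auth/auth_util.c:make_server_info_info3(1114)
User abc does not exist, trying to add it
[2004/10/11 17:51:02, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/11 17:51:02, 0]
libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password:  Authentication for user [abc] -> [abc] FAILED with
error NT_STATUS_NO_SUCH_USER
"""
if __name__ == "__main__":
    print(explain_failures(SAMPLE))
```

On this excerpt the single NT_STATUS_NO_SUCH_USER failure is reported together with the two level-0 lines that precede it, the pdb_init_sam failure and the unwritable netsamlogon_cache.tdb.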










