Please read carefully the Samba doc regarding Interdomain Trust: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
Interdomain trust implies that one Domain will trust another that a user logged into it correctly. Your assumption that a user from one Domain should be able to log in to another is incorrect. Users from DomainA should log in to DomainA but will be able to use resources of DomainB if DomainB trusts DomainA.
Hope it helps, Igor
Šopík Bronislav wrote:
Hi,
I posted my problem to the list but nobody answered me. I have found a solution for
netsamlogon_cache.tdb but I still have a problem with authentication. I have
changed the smb.conf files.
servera:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = smbpasswd
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
wins support = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes
serverb:
[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = smbpasswd
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
wins support = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes
loga:
[2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
api_rpcTNP: rpc command: NET_SAMLOGON
[2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376)
Connecting to host=SERVERB
[2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.11 at port 445
[2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114)
User bronasek does not exist, trying to add it
[2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [bronasek] -> [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 6274
[2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=73cc nwritten=336
[2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092)
Transaction 39 of length 63
[2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887)
switch message SMBreadX (pid 10156) conn 0x83d8040
[2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=73cc min=1024 max=1024 nread=96
logb:
[2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
SAM Logon (Network). Domain:[DOMAINB]. User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [bronasek] succeeded
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [bronasek] -> [bronasek] ->
[bronasek] succeeded
[2004/10/13 16:17:06, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 4844
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 10 of length 45
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBclose (pid 8110) conn 0x83d7328
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 11 of length 43
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBulogoffX (pid 8110) conn 0x0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/reply.c:reply_ulogoffX(1255)
ulogoffX vuid=100
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 12 of length 45
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBclose (pid 8110) conn 0x83d7328
[2004/10/13 16:17:06, 2] smbd/uid.c:change_to_user(219)
change_to_user: Invalid vuid used 100 in accessing share IPC$.
[2004/10/13 16:17:06, 3] smbd/error.c:error_packet(145)
error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91
[2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092)
Transaction 13 of length 39
[2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887)
switch message SMBtdis (pid 8110) conn 0x83d7328
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/service.c:close_cnum(837)
192.168.100.10 (192.168.100.10) closed connection to service IPC$
[2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 3] smbd/process.c:timeout_processing(1332)
timeout_processing: End of file from client (client has disconnected).
[2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/13 16:17:06, 2] smbd/server.c:exit_server(571)
Closing connections
[2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not
exist.
[2004/10/13 16:17:06, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
Please, don't you know what I can try???
Best regards, Sopik Bronislav
Quoting email from rruegner <[EMAIL PROTECTED]>:
Hi, netsamlogon_cache.tdb must exist, usually under /var/lib/samba. If it isn't, I guess your samba packs aren't well compiled. Try to touch it so that it exists.
This tdb file, as well as the other ones, needs to be there
to function properly. Unfortunately
I don't know if this one is created at compile, start or establish-trust time, but it must exist.
For these tdbs there is no reference in smb.conf; they must simply exist because they are hard coded and created to compile.
Which samba version/packs and linux distro do you use?
Maybe netsamlogon_cache.tdb is there and simply needs a chmod for write access.
Perhaps you should post this to the list,
because it seems that your confs are now good enough that the failure is here. The gurus will easily interpret this failure and can help you out.
Regards
Šopík Bronislav wrote:
Hi, yes I have looked at these pages and now I have changed the smb.conf files on both servers, but when I try to log on a computer from domaina as a user of domainb, the log on serverb tells me that authentication succeeded but servera tells me this:
[2004/10/11 17:51:02, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [abc] -> [abc] FAILED with error NT_STATUS_NO_SUCH_USER
and I don't understand it; I have not found netsamlogon_cache.tdb on the server.
Here are my smb.conf files:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes
[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes
Do I need winbind to authenticate a user from the other domain or not???
Thank you, Sopik Bronislav
Quoting email from rruegner <[EMAIL PROTECTED]>:
Hi, did you look here http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ especially here
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
and here http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write: does this file exist?
Regards
Šopík Bronislav wrote:
Hi,
great, next step. I changed the security on both servers to user. Now my configuration is:
Servera:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
encrypt passwords = true
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
dns proxy = no
log level = 3
allow trusted domains = yes
wins support = yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
Serverb:
[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
encrypt passwords = true
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
dns proxy = no
log level = 3
allow trusted domains = yes
wins server = 192.168.100.10
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
but I have still some problems, my log gives me:
[2004/10/11 17:51:02, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested Domain:[DOMAINB]
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/11 17:51:02, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/11 17:51:02, 3] libsmb/cliconnect.c:cli_start_connection(1376)
Connecting to host=SERVERB
[2004/10/11 17:51:02, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.11 at port 445
[2004/10/11 17:51:02, 3] auth/auth_util.c:make_server_info_info3(1114)
User abc does not exist, trying to add it
[2004/10/11 17:51:02, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/11 17:51:02, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [abc] -> [abc] FAILED with error NT_STATUS_NO_SUCH_USER
I am going crazy. Please, where are the pdc faqs on www.samba.org? I have found only documentation.
Best regards, Sopik Bronislav
Hi,
Cannot use ntdomain auth method when not a member of a domain.
It seems your trust is not working, so the user is not recognized as a domain member because of security = DOMAIN, which is totally false. Both servers have to be configured as PDCs, which is security = user. Read the PDC FAQs.
Regards
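Added example, not part of the thread and not Samba code: a Python parser for the smbd log layout quoted above that pairs each "SAM Logon" request with the check_ntlm_password verdict that follows it and reports logons for another domain's account that the local DC rejected, the pattern in the servera log. The sample log is constructed and abridged, its user names are made up, and the function names are hypothetical.

```python
import re

# Constructed sample in the header-line-then-message layout of the smbd logs
# quoted in this thread; abridged, and the user names are made up.
SAMPLE_LOG = """\
[2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
  SAM Logon (Interactive). Domain:[DOMAINA]. User:[testuser] Requested Domain:[DOMAINB]
[2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
[2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [testuser] -> [testuser] FAILED
  with error NT_STATUS_NO_SUCH_USER
[2004/10/13 16:41:02, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
  SAM Logon (Network). Domain:[DOMAINA]. User:[alice] Requested Domain:[DOMAINA]
[2004/10/13 16:41:02, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [alice] -> [alice] -> [alice] succeeded
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+\S+$")
LOGON = re.compile(r"SAM Logon \(\w+\)\.\s+Domain:\[([^\]]*)\]\.\s+"
                   r"User:\[([^\]]*)\]\s+Requested Domain:\[([^\]]*)\]")
VERDICT = re.compile(r"check_ntlm_password: [Aa]uthentication for user \[[^\]]*\]"
                     r".*?(succeeded|FAILED with error (\w+))")

def parse_entries(text):
    """Attach each message line (and wrapped continuations) to its header."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)), "msg": ""})
        elif line and entries:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def logon_outcomes(text):
    """Pair every SAM Logon request with the verdict that follows it."""
    outcomes, pending = [], None
    for e in parse_entries(text):
        logon, verdict = LOGON.search(e["msg"]), VERDICT.search(e["msg"])
        if logon:
            local, user, requested = logon.groups()
            pending = {"time": e["time"], "user": user, "local": local,
                       "requested": requested, "cross_domain": local != requested, "errors": []}
        elif pending and verdict:
            outcomes.append({**pending, "status": verdict.group(2) or "OK"})
            pending = None
        elif pending and e["level"] == 0:
            pending["errors"].append(e["msg"])  # level 0 lines are always logged
    return outcomes

def trust_failures(text):
    """Logons for another domain's account that the local DC rejected."""
    return [o for o in logon_outcomes(text) if o["cross_domain"] and o["status"] != "OK"]
```

Calling `trust_failures()` on the text of a real log file returns one record per rejected cross-domain logon, with the level-0 errors logged between the request and the verdict attached.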
