Hello group, I have 2 Samba PCDs w/ LDAP + winbind called FILESERVER and FUNDUS-SRV for the domains PROFICON and FUNDUS, respectively.
In PROFICON I created a trust account for FUNDUS using net rpc trustdom add FUNDUS <passwd> -U proficon\\administrator which creates the LDAP entry: dn: uid=FUNDUS$,ou=Computers,dc=office,dc=proficon,dc=sk uid: FUNDUS$ sambaSID: S-1-5-21-1419647580-1448962253-3507612647-1036 displayName: Computer objectClass: sambaSamAccount objectClass: account sambaNTPassword: <passwd> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1217810123 sambaAcctFlags: [I ] When I try to establish the relationship on the FUNDUS PDC with net rpc trustdom establish PROFICON I get the following error: [EMAIL PROTECTED] samba]# net rpc trustdom establish proficon Enter FUNDUS$'s password: Could not connect to server FILESERVER [2008/08/04 02:31:25, 0] utils/net_rpc.c:rpc_trustdom_establish(5836) Storing password for trusted domain failed. Also, the /var/log/samba/fundus-srv.log on FILESERVER reads: [2008/08/04 02:31:25, 5] auth/auth_util.c:make_user_info_map(178) make_user_info_map: Mapping user [PROFICON]\[FUNDUS$] from workstation [FUNDUS-SRV] [2008/08/04 02:31:25, 5] auth/auth_util.c:is_trusted_domain(2021) is_trusted_domain: Checking for domain trust with [PROFICON] [2008/08/04 02:31:25, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2008/08/04 02:31:25, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for FUNDUS$ (FUNDUS$) [2008/08/04 02:31:25, 5] auth/auth_util.c:make_user_info(102) making strings for FUNDUS$'s user_info struct [2008/08/04 02:31:25, 5] auth/auth_util.c:make_user_info(134) making blobs for FUNDUS$'s user_info struct [2008/08/04 02:31:25, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2008/08/04 02:31:25, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2008/08/04 02:31:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: fundus$ [2008/08/04 02:31:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 513 [2008/08/04 02:31:25, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1499) lookup_global_sam_rid: looking up RID 513. [2008/08/04 02:31:25, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1613) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1419647580-1448962253-3507612647-513] count=0 [2008/08/04 02:31:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 513 [2008/08/04 02:31:25, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1621) lookup_rids: Domain Users:2 [2008/08/04 02:31:25, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2008/08/04 02:31:25, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user fundus$ [2008/08/04 02:31:25, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user fundus$ allowed to logon at this time (Mon Aug 4 00:31:25 2008 ) [2008/08/04 02:31:25, 2] auth/auth_sam.c:sam_account_ok(223) sam_account_ok: Domain trust account fundus$ denied by server [2008/08/04 02:31:25, 5] auth/auth.c:check_ntlm_password(272) check_ntlm_password: sam authentication for user [FUNDUS$] FAILED with error NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT [2008/08/04 02:31:25, 3] auth/auth_winbind.c:check_winbind_security(54) check_winbind_security: Not using winbind, requested domain [PROFICON] was for this SAM. [2008/08/04 02:31:25, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [FUNDUS$] -> [FUNDUS$] FAILED with error NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT [2008/08/04 02:31:25, 5] auth/auth_util.c:free_user_info(1951) Any ideas why the password for the trusted domain cannot be stored? TIA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
