[Samba] Samba 3 Trust Relationship with Win2008 AD problem
- Date: Wed, 26 Mar 2008 10:47:10 +0800
- From: "Woon K S" <woonks@xxxxxxxxxxxx>
- Subject: [Samba] Samba 3 Trust Relationship with Win2008 AD problem
I am trying to establish a 2 way trust relationship between a samba domain and a Win2008 AD domain. The trust relationship is established and even verified by both sides, but when I try to access samba resources from the win2008 domain, it prompts for username and password. However, I can access the win2008 resources from the samba domain without being prompted for username and password.
My win2008 is the RTM version, domain functional level in win2003 mode, DNS and WINS enabled. The trust SID filtering is disabled. Samba version is samba-3.0.28a-0.fc8, server DNS and samba WINS IP pointing to my win2008, winbind disabled.
I also tweaked all available options in samba (security, winbind settings, dns proxy, wins enable, etc); it is still the same.
Below are the error messages:

[2008/03/25 20:31:39, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server WIN2008SRV for domain WIN2008AD.
[2008/03/25 20:31:39, 0] auth/auth_domain.c:connect_to_domain_password_server(119)
  connect_to_domain_password_server: unable to open the domain client session to machine WIN2008SVR. Error was : NT code 0xc0000388.
[2008/03/25 20:31:39, 0] auth/auth_domain.c:domain_client_validate(220)
  domain_client_validate: Domain password server not available.

Below is my smb.conf:

[global]
    workgroup = ITDOM
    netbios name = RUMBA
    passdb backend = tdbsam
    server string = Rumba Server
    printcap name = /etc/printcap
    load printers = yes
    printing = lprng
    log file = /var/log/samba/%m.log
    max log size = 0
    security = user
    password level = 6
    username level = 4
    username map = /etc/samba/smbusers
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = yes
    os level = 64
    domain master = yes
    preferred master = yes
    domain logons = yes
    logon script = %U.bat
    logon path = \\%L\Profiles\%U
    wins server = 192.168.1.100 (win2008 AD server IP)

[homes]
    comment = Home
    browseable = no
    writable = yes
    valid users = %S
    create mode = 0664
    directory mode = 0775

[netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    guest ok = yes
    writable = no
    share modes = yes
    write list = +administrator,+root

[Profiles]
    path = /home/profiles
    browseable = yes
    writable = yes
    guest ok = yes
    write list = +administrator,+root

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

Below are some diagnostic reports:

[root@webmail samba]# net rpc trustdom list
Password:
Trusted domains list:
WIN2008AD    S-1-5-21-3371021750-61790888-841837805
none
Trusting domains list:
WIN2008AD    S-1-5-21-3371021750-61790888-841837805
From the win2008 "Active Directory Trusts and Domains", when I validate the 2 way trust, I get the message "The trust has been validated. It is in place and active." The trusts are good.
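
An added example, not part of the original post: a small Python parser for the Samba 3 log entries quoted above that extracts each NT status code and names it, whether the log is intact or has been flattened onto one line. The status names are taken from Microsoft's NTSTATUS list (0xc0000388 is STATUS_DOWNGRADE_DETECTED); the function names and the selection of codes in the table are this example's own.

```python
import re

# A few NTSTATUS values relevant to domain logon and secure channel failures.
# Selection is this example's own; names are from Microsoft's NTSTATUS list.
NT_STATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000018A: "STATUS_NO_TRUST_LSA_SECRET",
    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
    0xC0000388: "STATUS_DOWNGRADE_DETECTED",
}

# Samba 3 entry header: "[date time, level] source_file:function(line)"
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+([\w./-]+):(\w+)\((\d+)\)")
NT_CODE = re.compile(r"NT code (0x[0-9a-fA-F]{8})")

def parse_samba_log(text):
    """Split log text into entries; the message is everything up to the next header."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[m.end():end].split())  # collapse wrapped lines
        entries.append({
            "time": m.group(1), "level": int(m.group(2)), "file": m.group(3),
            "function": m.group(4), "line": int(m.group(5)), "message": message,
            "nt_codes": [int(c, 16) for c in NT_CODE.findall(message)],
        })
    return entries

def status_findings(entries):
    """Return (function, status name) for every NT status code seen in the log."""
    return [(e["function"], NT_STATUS.get(code, "UNKNOWN_0x%08x" % code))
            for e in entries for code in e["nt_codes"]]

# The three log entries quoted in the post, flattened as a mail archive might show them.
SAMPLE = (
    "[2008/03/25 20:31:39, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641) "
    "cli_rpc_pipe_open_schannel: failed to get schannel session key from server "
    "WIN2008SRV for domain WIN2008AD. [2008/03/25 20:31:39, 0] "
    "auth/auth_domain.c:connect_to_domain_password_server(119) "
    "connect_to_domain_password_server: unable to open the domain client session to "
    "machine WIN2008SVR. Error was : NT code 0xc0000388. [2008/03/25 20:31:39, 0] "
    "auth/auth_domain.c:domain_client_validate(220) "
    "domain_client_validate: Domain password server not available.")

if __name__ == "__main__":
    for func, name in status_findings(parse_samba_log(SAMPLE)):
        print(func, name)
```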