Thomas, Daniel J.
2002-Jan-10 11:08 UTC
NT_STATUS_NO_TRUST_SAM_ACCOUNT - but not the common mistake
Hi, I'm a Microsoft Sys Admin trying to help our UNIX Sys Admin join a SUN box running the newest version of Solaris to my NT Domain so that Windows workstations can authenticate through my Domain Controllers to access resources on her Samba shares. We have read through the samba how-to's and consulted two different samba books, and we still have the same issues. First I created a machine account from my PDC for the SUN server named JUNEAU (We were not sure about case so we made sure netbios name=JUNEAU as it appears in the Server Administrator application). Next, we ran the smbpasswd command smbpasswd -j WALNETNT -r MAX where WALNETNT is the name of my domain and MAX is the name of my PDC We get returned an error message which basically says that the creation of the account password failed because of NT_STATUS_NO_TRUST_SAM_ACCOUNT. I've looked through many samba message board threads and answer to this problem is always the same: Make sure you create a new machine account on your PDC for your samba server (I just said I did this). Make sure that the account did not previously exist (There was never a PC or any other machine on my domain named JUNEAU). Both machines are on the same V-LAN and Subnet. They can ping each other. I have a WINS server up and running if it helps any, though the two samba books I read has WINS off in the smb.conf file. The only thing that isn't cut and dry that I can see is that they are not on the same switch. They are located in two different buildings on two different switches, but they both use the same gateway and are on the same subnet and I have no problems adding NT/Win2k machines to the domain from the same area. I do have a BDC for this domain online in that building (on the same switch), but I don't think that helps since the instructions want you to specify a PDC, not a BDC. I'd appreciate any suggestions you can give or any resources you can point me to. Thanks, -Dan Thomas Systems Administrator Johns Hopkins APL Laurel, MD
Andrew Bartlett
2002-Jan-10 14:14 UTC
NT_STATUS_NO_TRUST_SAM_ACCOUNT - but not the common mistake
"Thomas, Daniel J." wrote:> > Hi, > I'm a Microsoft Sys Admin trying to help our UNIX Sys Admin join a SUN box > running the newest version of Solaris to my NT Domain so that Windows > workstations can authenticate through my Domain Controllers to access > resources on her Samba shares.What version of Samba is this? Could you try out either: - 2.2.2 - SAMBA_2_2 CVS - A Samba 3.0 alpha or - HEAD CVS? For the first two, could you try deleting the account on the DC and run 'smbpasswd -j DOMAIN -r PDC -Uadministrator' for the join? This creates the account remotely, and is a tad more reliable. If you decide to get the 3.0 alphas/HEAD cvs the command is 'net rpc join -S PDC -U administrator'. The new command does some better error checking and does a couple of things differently. Hope this helps, Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net