samba - Mar 2005 - Fedora core 2 domain trust account fails

Hello,
Having a problem with trust accounts failing after creation. The following is
the system that I'm running Samba on:

Fedora Core 2
(compiled from source)
Samba 3.0.11
OpenLDAP 2.2.23
BerkeleyDB 4.3.27

Windows 2000 client machine

I have a script to add machine trust accounts to LDAP. The first part adds a
posix Account and attributes to LDAP, the second uses smbpasswd to add the Samba
account and attributes. I use PAM to point to the LDAP directory for user, group
info and authentication.

This method has worked on Samba 3.0.0 with ldap 2.1.30 backend systems fine.

I add the account using root, the account is created in LDAP, and I get a
"Welcome to blah blah domain" message. After I reboot and attempt to
login, I
get a trust account failure error message. I compared the sid for the domain and
the machine account and they are identical. The only password that is created is
sambaNTPassword. The following are attributes that are found in LDAP after
account creation:

[root@fdc2_1 root]# ldapsearch -xv -b "ou=computers,dc=tow,dc=net"
uid=wms-0106$ldap_initialize( <DEFAULT> )
filter: uid=wms-0106$
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <ou=computers,dc=tow,dc=net> with scope sub
# filter: uid=wms-0106$
# requesting: ALL
#
 

# wms-0106$, Computers, tow.net
dn: uid=wms-0106$,ou=Computers,dc=tow,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: wms-0106$
cn: wms-0106$
sn: wms-0106$
uidNumber: 8049
gidNumber: 502
homeDirectory: /dev/null
description: Computer
loginShell: /bin/false
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-17098
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-515
displayName: wms-0106$
sambaPwdCanChange: 1109349002
sambaPwdMustChange: 2147483647
sambaNTPassword: 6B92BAAA9FAD3E498BF4665F0B42BF95
sambaPwdLastSet: 1109349002
sambaAcctFlags: [W          ]
 
# search result
search: 2
result: 0 Success

Any suggestions?


Kent L. Nasveschuk
Wareham Public Schools

On Tuesday 01 March 2005 11:30 am, kent wrote:
> Hello,
> Having a problem with trust accounts failing after creation. The following
> is the system that I'm running Samba on:
>
> Fedora Core 2
> (compiled from source)
> Samba 3.0.11
> OpenLDAP 2.2.23
> BerkeleyDB 4.3.27
If you read the release notes for 3.0.12pre1 you will see there is a bug with 
interdomain trusts in 3.0.11.  Nobody ever told me that even though I have 
asked repeated on the mailing list.  I wlll save you the time I wasted and 
let you know.

Misty

I haven't read them but I will, thanks.

Kent


Misty Stanley-Jones <misty@borkholder.com> wrote:
> On Tuesday 01 March 2005 11:30 am, kent wrote:
> > Hello,
> > Having a problem with trust accounts failing after creation. The
following
> > is the system that I'm running Samba on:
> >
> > Fedora Core 2
> > (compiled from source)
> > Samba 3.0.11
> > OpenLDAP 2.2.23
> > BerkeleyDB 4.3.27
> 
> If you read the release notes for 3.0.12pre1 you will see there is a bug
with
> interdomain trusts in 3.0.11.  Nobody ever told me that even though I have 
> asked repeated on the mailing list.  I wlll save you the time I wasted and 
> let you know.
> 
> Misty
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>