So the Samba domain should trust the NT4 domain. On a Windows machine
in the NT4 domain, did you use User Manager for Domains to add the Samba
domain as a trusting domain?
It seems a little backwards to me, but the domain that wants to be
trusted creates an account for the domain that will trust it.
I would get the following error unless I did the NT4 side first:
# net rpc trustdom establish nt4domain
Could not connect to server NT4PDC
The username or password was not correct.
Couldn't verify trusting domain account. Error was
NT_STATUS_LOGON_FAILURE
-------- Forwarded Message --------
> From: Sam Wun <swun2010@gmail.com>
> To: samba@lists.samba.org
> Subject: [Samba] Joining NT domain
> Date: Wed, 2 May 2007 10:21:16 +1000
>
> Hi,
>
> I am running samba-3.0.25rc3 in Tru64 5.1B.
> I compiled Samba source with --with-winbind switch.
> My goal in setting up Samba is to allow existing Windows users to log in to
> this Tru64 server without being asked for a password again if they have already
> logged in to Windows, yet with additional user control by adding a line
> "valid users = ..." in each directory section, so that Samba won't
> allow every logged-on Windows user to log in, only the Windows users
> that are listed in the "valid users = ..." line.
> Therefore I thought joining Samba to the existing NT domain and also
> adding a line of "valid users=..." in smb.conf may be the solution.
>
> However, when I tried to connect to the existing NT domain, I got an error:
> # ./net rpc join -S 172.10.40.63
> open_policy failed: NT_STATUS_ACCESS_DENIED
> Password:
>
> Note, I didn't compile LDAP and Kerberos into Samba.
>
> I welcome any ideas about how to achieve this goal. If joining the existing
> NT domain is a must, then I will most probably need to
> compile LDAP and Kerberos into Samba. If this is the case, do I need to
> further configure OpenLDAP and Kerberos in Tru64?
>
> If OpenLDAP and Kerberos are not needed, what should I do to join the
> existing NT domain?
>
> I would very much appreciate any suggestions.
>
> Thanks
> S