I'm not sure if my last email was correctly posted, because I can't see
it in this thread and I didn't get any further reply till now, therefore
I'm repeating it here again - sorry for the inconvenience caused :
I've added it in the way as described in 2.
smbpasswd -r XXX -j TELIT -U mydomainuser
and I got the message successfully joined domain telit (or something similar)
XXX - here this is the same server, which I use with security = server and this
is the PDC of the win2k domain
I don't know what kind of account has the machine in the win2k domain - as I
said I don't have any direct access to the domain administration of the
win2k side... What type of account should the machine have in the win2k domain
in order domain authentication to be able to work ?
Tks,
Ilko
-----Urspr?ngliche Nachricht-----
Von: John H Terpstra [mailto:jht@samba.org]
Gesendet: Wednesday, July 09, 2003 3:34 PM
An: Ilko Iliev
Cc: samba@lists.samba.org
Betreff: Re: [Samba] authentication from win2k DC
On Wed, 9 Jul 2003, Ilko Iliev wrote:
> Hi,
>
> I've followed the instructions in the chapter 8 of the documentation to
> connect my AIX 4.3.3 machine with Samba 2.2.8.1 (taken from bull as
> binary for AIX).
> The server is in the domain now, but the domain users can't log on to
> the samba server. The first problem in the log file is:
>
> [2003/07/08 18:00:46, 0] smbd/password.c:domain_client_validate(1558)
> domain_client_validate: could not fetch trust account password for
> domain TELIT
>
> What exactly has to be done on the Win2k side? I don't have
> administrator privileges (we are using corporate domain and I have to
> give exact instructions to the domain administrator according our samba
> server), but my account has privileges to add machines to the domain and
> I've added the samba server with this account. If I change the security
> = server and use as password server the PDC server the domain users will
> be successfully authenticated.
Sorry. Not enough information provided.
1. How did you add 'the account' to the domain?
1a. If done using the Server manager or the MMC Computer Manager, what
type of account did you add? A workstation account or a domain controller
(PDC or BDC)?
1b. If done by joining the domain from the samba end, exactly what command
did you execute?
2. To join the domain you need to do:
smbpasswd -r 'PDC_NAME' -j telit -U'administrative_account'
You should succeed with the account that can add machines to the domain.
- John T.
>
> My global section of the smb.conf:
>
> [global]
> workgroup = TELIT
> server string = Samba Server
> encrypt passwords = Yes
> security = domain
> password server = *
> log file = /var/adm/samba/log.%m
> max log size = 50
> dns proxy = No
> wins server = 10.7.2.4
> hosts allow = 10.70.34.0/255.255.255.0 127.0.0.1
> code page directory = /usr/local/lib/codepages
> smb passwd file = /usr/local/private
> lock dir = /var/adm/samba/locks
> pid directory = /var/adm/samba/locks
> winbind separator = +
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> smb passwd file = /etc/smbpasswd
> ;log level = 3
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> netbios name = ccdev1
>
> A note: with winbind a list of the domain groups and users can be
> obtained from the samba server using winfo -u and winfo -g
>
> Any help will be appreciated !
>
> Tks,
> Ilko
>
>
> Dipl.-Ing. Ilko ILIEV
> application developer
>
> CureComp IT-Solutions GmbH
> Hafenstr. 47-51
> A-4040 Linz, Austria
>
> Tel : +43-(0)70-9015-5562
> Fax : +43-(0)70-9015-5579
> Mobile: +43-(0)664-8209556
> mailto: <mailto:i.iliev@curecomp.com> i.iliev@curecomp.com
> <http://www.curecomp.com> www.curecomp.com,
> <http://www.clevercure.com> www.clevercure.com
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
John H Terpstra
Email: jht@samba.org