samba - Oct 2003 - SAMBA 3 and Windows2000 mixed mode trust

I have one server windows2000 mixed mode with active directory and samba 
3.0 PDC.
This is my smb.conf
[global]
         workgroup = TESTIPLANET
         netbios name = TEST
         server string = DOMINIO TEST
         interfaces = 10.10.6.158
         bind interfaces only = yes
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         domain logons = yes
         local master = yes
         encrypt passwords = yes
         security = user
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         ldap suffix = o=test,c=it
         ldap machine suffix = ou=people,o=test,c=it
         ldap user suffix = ou=people,o=test,c=it
         ldap group suffix = ou=group
         ldap admin dn = uid=sambauser,cn=config
         ldap ssl = no
         passdb backend =  ldapsam:ldap://10.10.5.160/ guest
         passwd program = "/sambabin/samba/bin/ldapsync.pl -o %u"
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*modifying*
         unix password sync = Yes
         logon script = %G_%U.bat %G %U
         log level = 0
         logon home          logon path          admin users = @helpdesk
         min password length = 5
         wide links = no

I have create the trust account and the windows 2000 have trust samba 
without problem.
Second: on samba server : net rpc trustdom establish DOMAIN2K
it's  ok.
When I try test my trust on samba log I received this error:
[2003/10/20 12:35:36, 0] 
auth/auth_domain.c:connect_to_domain_password_server(115)
   connect_to_domain_password_server: unable to setup the NETLOGON 
credentials to machine SERVICEDC1. Error was : NT_STATUS_UNSUCCESSFUL.
[2003/10/20 12:35:36, 0] auth/auth_domain.c:domain_client_validate(167)
   domain_client_validate: Domain password server not available.

Any ideas?

Bye Giovanni

Hey Giovanni et al,

I think I'm up against the same wall as you - I posted my problem a couple
of days ago but no one has answered as of yet. I hope people won't mind but
I'm going to repost my mail as it has a debug level 3 output of what is
happening to you - and the combination of both of our information might be able
to help someone provide a solution.

--Begin repost--

Win 2002 PDC: WINPDC, IP 1.2.3.4
Client in Windows Domain: CLIENT
Samba PDC in Domain TEST: SMBPDC

I use Start -> Run -> \\SMBPDC on a machine in our Windows 2000 Domain and
got an error saying "\\SMBPDC, A device attached to the system is not
functioning."

The following is a debug level 3 output from the smbd log on our Samba server in
the Test Domain:

[2003/10/17 12:54:03, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/10/17 12:54:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/10/17 12:54:03, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/10/17 12:54:03, 3] libsmb/namequery_dc.c:rpc_dc_name(147)
  rpc_dc_name: Returning DC WINPDC (1.2.3.4) for domain HOLLAND
[2003/10/17 12:54:03, 3] libsmb/cliconnect.c:cli_start_connection(1290)
  Connecting to host=WINPDC
[2003/10/17 12:54:03, 3] lib/util_sock.c:open_socket_out(690)
  Connecting to 1.2.3.4 at port 445
[2003/10/17 12:54:03, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457)
  Bind NACK received on pipe c000!
[2003/10/17 12:54:03, 2] rpc_client/cli_pipe.c:cli_nt_establish_netlogon(1578)
  rpc bind to \PIPE\NETLOGON failed
[2003/10/17 12:54:03, 0] 
auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to
machine WINPDC. Error was : NT_STATUS_UNSUCCESSFUL.
[2003/10/17 12:54:03, 3] libsmb/cliconnect.c:cli_start_connection(1290)
  Connecting to host=WINPDC
[2003/10/17 12:54:03, 3] lib/util_sock.c:open_socket_out(690)
  Connecting to 1.2.3.4 at port 445
[2003/10/17 12:54:03, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457)
  Bind NACK received on pipe c00d!
[2003/10/17 12:54:03, 2] rpc_client/cli_pipe.c:cli_nt_establish_netlogon(1578)
  rpc bind to \PIPE\NETLOGON failed
[2003/10/17 12:54:03, 0] 
auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to
machine WINPDC. Error was : NT_STATUS_UNSUCCESSFUL.
[2003/10/17 12:54:03, 3] libsmb/cliconnect.c:cli_start_connection(1290)
  Connecting to host=WINPDC
[2003/10/17 12:54:03, 3] lib/util_sock.c:open_socket_out(690)
  Connecting to 1.2.3.4 at port 445
[2003/10/17 12:54:03, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457)
  Bind NACK received on pipe 3!
[2003/10/17 12:54:03, 2] rpc_client/cli_pipe.c:cli_nt_establish_netlogon(1578)
  rpc bind to \PIPE\NETLOGON failed
[2003/10/17 12:54:03, 0] 
auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to
machine WINPDC. Error was : NT_STATUS_UNSUCCESSFUL.
[2003/10/17 12:54:04, 0] auth/auth_domain.c:domain_client_validate(167)
  domain_client_validate: Domain password server not available.
[2003/10/17 12:54:04, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  Authentication for user [pquinney] -> [pquinney]
FAILED
with error NT_STATUS_UNSUCCESSFUL
[2003/10/17 12:54:04, 3] smbd/process.c:timeout_processing(1099)
  timeout_processing: End of file from client (client has disconnected).


If I try and add a user in the Samba domain to the list of users on the
permissions for a share on the Windows PDC I get the same "A device
attached to the system is not functioning."

--End Repost--
 
> From: Giovanni Romanenghi <giovanni@sorint.it>
> Date: 2003/10/20 Mon AM 11:36:08 GMT
> To: samba@lists.samba.org
> Subject: [Samba] SAMBA 3 and Windows2000 mixed mode trust
> 
> I have one server windows2000 mixed mode with active directory and samba 
> 3.0 PDC.
> This is my smb.conf
> [global]
>          workgroup = TESTIPLANET
>          netbios name = TEST
>          server string = DOMINIO TEST
>          interfaces = 10.10.6.158
>          bind interfaces only = yes
>          preferred master = Yes
>          domain master = Yes
>          wins support = Yes
>          domain logons = yes
>          local master = yes
>          encrypt passwords = yes
>          security = user
>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>          ldap suffix = o=test,c=it
>          ldap machine suffix = ou=people,o=test,c=it
>          ldap user suffix = ou=people,o=test,c=it
>          ldap group suffix = ou=group
>          ldap admin dn = uid=sambauser,cn=config
>          ldap ssl = no
>          passdb backend =  ldapsam:ldap://10.10.5.160/ guest
>          passwd program = "/sambabin/samba/bin/ldapsync.pl -o %u"
>          passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
> *modifying*
>          unix password sync = Yes
>          logon script = %G_%U.bat %G %U
>          log level = 0
>          logon home >          logon path >          admin users =
@helpdesk
>          min password length = 5
>          wide links = no
> 
> I have create the trust account and the windows 2000 have trust samba 
> without problem.
> Second: on samba server : net rpc trustdom establish DOMAIN2K
> it's  ok.
> When I try test my trust on samba log I received this error:
> [2003/10/20 12:35:36, 0] 
> auth/auth_domain.c:connect_to_domain_password_server(115)
>    connect_to_domain_password_server: unable to setup the NETLOGON 
> credentials to machine SERVICEDC1. Error was : NT_STATUS_UNSUCCESSFUL.
> [2003/10/20 12:35:36, 0] auth/auth_domain.c:domain_client_validate(167)
>    domain_client_validate: Domain password server not available.
> 
> Any ideas?
> 
> Bye Giovanni 

-----------------------------------------
Email provided by http://www.ntlhome.com/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Giovanni Romanenghi wrote:

| I have create the trust account and the windows 2000
| have trust samba without problem.
|
| Second: on samba server :
|   net rpc trustdom establish DOMAIN2K
| it's  ok.
|
| When I try test my trust on samba log I received this error:
| [2003/10/20 12:35:36, 0]
| auth/auth_domain.c:connect_to_domain_password_server(115)
|   connect_to_domain_password_server: unable to setup the NETLOGON
| credentials to machine SERVICEDC1. Error was : NT_STATUS_UNSUCCESSFUL.
| [2003/10/20 12:35:36, 0] auth/auth_domain.c:domain_client_validate(167)
|   domain_client_validate: Domain password server not available.

I would recommend looking for errors in a level 10 debug log.
The only thing that the above entries tell me is that you are
not running winbindd on the Samba PDC.




cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop
there."
~                            --John Cusack - "Grosse Point Blank"
(1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/k+ebIR7qMdg1EfYRAs90AJ9dwkAb6wXdoZbOMJEati0mLS9I5ACfdqI8
jt0C5Ywnbz55pppP/KNDSsY=UxYP
-----END PGP SIGNATURE-----

Excuse me for possibly being stupid, but is winbindd necessary for the 
trust between a samba domain and a windows domain?

Thanks for everyone's help,

Phil.


On Monday, October 20, 2003, at 03:20 PM, giovanni@sorint.it wrote:
> I have add this line in my smb.conf and I have start also winbind 
> daemon,
> and the trust work.
>         winbind uid = 10000-20000
>         winbind gid = 10000-20000
>         winbind use default domain = Yes
>
>
> Bye Giovanni
>