samba - Oct 2003 - security=domain problem: "could not fetch trust account password for domain"

When configuring a SunOS 5.9 box running Samba 2.2.8a with security=domain,
as per
http://us2.samba.org/samba/docs/using_samba/ch04.html#samba2-CHP-4-SECT-7 I
get the following error "could not fetch trust account password for
domain"
when trying to connect to a share via 'net use * \\server\share
/user:domain\username'

However, 'security=user' works correctly.  'security=domain'
will fall back
onto the user's smbpasswd successfully.  I'm configuring the box to be a
domain member, not a PDC.  We do not have WINS setup on the box.


A sample error log entry is:
[2003/10/23 12:22:07, 0] smbd/password.c:domain_client_validate(1558)
  domain_client_validate: could not fetch trust account password for domain
TESTINSTALL.COM


smb.conf is:

[global]
      server string         = Samba %v on %h
      log level             = 2
      log file              = /usr/local/samba/var/log.%m.%U
      max log size          = 1024
      browsable             = yes
      getwd cache           = yes
      workgroup             = TESTINSTALL.COM
      netbios name          = MYSERVER
      encrypt passwords     = yes
      os level              = 0
      domain master         = no
      local master          = no
      preferred master      = no
      security              = domain
      username map          = /usr/local/samba/lib/username.map
      password server       = dc dc.testinstall.com
      oplocks               = false
      level2 oplocks        = false
      kernel oplocks        = false
#      socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192

[vobs]
 path = /vobs
 writable = true
 case sensitive = false
 preserve case = true
 force group = vobuser
 comment = ClearCase VOB(s)
 browsable = yes
 public = yes
 create mask = 0775
 directory mask = 0775

On Fri, 2003-10-24 at 03:41, Reedick, Andrew wrote:
> When configuring a SunOS 5.9 box running Samba 2.2.8a with security=domain,
> as per
> http://us2.samba.org/samba/docs/using_samba/ch04.html#samba2-CHP-4-SECT-7 I
> get the following error "could not fetch trust account password for
domain"
> when trying to connect to a share via 'net use * \\server\share
> /user:domain\username'
> 
> However, 'security=user' works correctly. 
'security=domain' will fall back
> onto the user's smbpasswd successfully.  I'm configuring the box to
be a
> domain member, not a PDC.  We do not have WINS setup on the box.
> 
> 
> A sample error log entry is:
> [2003/10/23 12:22:07, 0] smbd/password.c:domain_client_validate(1558)
>   domain_client_validate: could not fetch trust account password for domain
> TESTINSTALL.COM
Have you joined the domain with 'smbpasswd -j -r PDC -Uadministrator'?

This message indicates that the shared secret between your server and
the DC cannot be found in the secrets.tdb.   Joining the domain (as
indicated in the docs) sets up this secret.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031026/d2490218/attachment.bin