OK, I think I've hit a misfeature in samba 3.0(release, Debian/sid)
when it comes to using both Samba BDCs and domain trusts. It seems that
the domain trust password is stored in the secrets.pdb on the server
establishing the trust. This, obviously doesn't facilitate BDCs
exercising the trust relationship, or being at all accessable from
workstations on the other side of the trust.
I have a two way trust established between the old Win2k domain and
the new Samba domain I'm trying to transition to. It seems to work, I
can browse shares, etc as a user from the 2k domain, and login as a user
from the Samba domain on any workstation in the 2k domain.
The BDC throws NT_STATUS_CANT_ACCESS_DOMAIN_INFO errors when a
2k-domain workstation tries to access it.
So my big question, is this just something that hasn't been
implemented, or a new odd quirk of NT networking?
- Nick Lopez
nlopez@espri.arizona.edu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nicolas Lopez wrote: | OK, I think I've hit a misfeature in samba 3.0(release, Debian/sid) | when it comes to using both Samba BDCs and domain trusts. It seems that | the domain trust password is stored in the secrets.pdb on the server | establishing the trust. This, obviously doesn't facilitate BDCs | exercising the trust relationship, or being at all accessable from | workstations on the other side of the trust. Doh! You're absolutely right. Don't know why I didn't think about this. What passdb backend are you using? I'm assuming ldapsam. Could you file a bug for me at https://bugzilla.samba.org/. We'll have to get this fixed. Sorry about that. cheers, jerry ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~ --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/fH5ZIR7qMdg1EfYRAmZZAKCGHmhhC2PC0R+ij0F6oaqTL7WxPgCbBdEU BP509sn6YiHtMgMEh5rc6pE=PYxK -----END PGP SIGNATURE-----
Hi all I installed samba 2.2.8a with pkgadd for solaris is there anyway to turn on "after the fact" netgroup support? or is there a way to modify the pkgadd package thanks __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
is there no one out here who can help me ? --- Ben Bays <jamin744@yahoo.com> wrote:> Hi all > I installed samba 2.2.8a with pkgadd for solaris > is there anyway to turn on "after the fact" netgroup > support? or is there a way to modify the pkgadd > package > thanks > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product > search > http://shopping.yahoo.com > -- > To unsubscribe from this list go to the following > URL and read the > instructions:http://lists.samba.org/mailman/listinfo/samba __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
Maybe Matching Threads
- RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (succe ss, sort of)
- RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (succe ss, sort of)
- Solaris streams package installation
- RE: Dovecot doesn't call pam_open_session, thus dodging
- Re: Dovecot doesn't call pam_open_session, thus dodging