I have samba-3.0.2 with tdbsam (I don't remember why I moved on to tdbsam from smbpasswd but something in the past must have required it). When trying to add trusting domain according to Samba HOWTO Collection, page "clxxxvii" (why the heck the pages have such strange Roman hashes instead of numbers?): oberon root # smbpasswd -a -i KEVF_D1 New SMB password: Retype new SMB password: Failed to initialise SAM_ACCOUNT for user KEVF_D1$. Failed to modify password entry for user KEVF_D1$ The instructions seem to work only for those who use smbpasswd. I suggest the documentation maintainer to add similar instructions into the documentation for tdbsam users. My smbconf follows: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2003/11/19 15:51:41 # Global parameters [global] security = user wins support = no workgroup = KEVF_D4 encrypt passwords = yes domain logons = yes null passwords = yes interfaces = eth1 preferred master = Yes domain master = Yes debuglevel = 3 ldap ssl = no admin users = admin,prech,root,test hosts allow = 195.113.0.0/255.255.0.0 # hide local users = yes name resolve order=lmhosts,bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 unix password sync = yes passwd program = /bin/passwd "%u" passwd chat = *ew*password* %n\n *ew*password* %n\n add user to group script = /usr/local/samba/bin/myaddusertogroup "%u" "%g" add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers -s /bin/false "%u" add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines -s /bin/false "%u" add group script = /usr/local/samba/bin/mygroupadd "%g" delete group script = /usr/sbin/groupdel "%g" delete user script = /usr/sbin/userdel "%u" delete user from group script = /usr/local/samba/bin/mydeleteuserfromgroupscript "%u" "%g" delete user script = /usr/sbin/userdel "%u" map to guest = Bad User passdb backend = tdbsam logon drive = h: logon home = \\oberon\%U logon path = \\oberon\profiles\%U server schannel = yes server signing = auto [netlogon] path=/usr/local/samba/netlogon read only = yes guest ok = yes browseable = yes write list = admin prech root test locking = no public = no csc policy = disable [homes] comment = Home Directories browseable = no writable = yes [admin] comment = Admin Home writable = yes path = /home/admin [root] comment = Root Home writable = yes path = /home/admin [test] comment = test's home writable = yes path = /home/test [linux] comment = Linux Kernel Sources path = /usr/src/linux [profiles] create mode = 0600 csc policy = disable directory mode = 0700 comment = Profiles path = /usr/local/samba/profiles/ profile acls = yes read only = no
On Fri, 2004-02-13 at 22:29, Karel Kulhav? wrote:> I have samba-3.0.2 with tdbsam (I don't remember why I moved on > to tdbsam from smbpasswd but something in the past must have required > it). > > When trying to add trusting domain according to Samba HOWTO Collection, > page "clxxxvii" (why the heck the pages have such strange Roman hashes > instead of numbers?): > > oberon root # smbpasswd -a -i KEVF_D1 > New SMB password: > Retype new SMB password: > Failed to initialise SAM_ACCOUNT for user KEVF_D1$. > Failed to modify password entry for user KEVF_D1$ > > The instructions seem to work only for those who use smbpasswd. I suggest the > documentation maintainer to add similar instructions into the documentation for > tdbsam users.Like all samba users, the domain trust account must exist in /etc/passwd first. The samba utilities are the same, no matter what the backend, be it tdbsam, smbpasswd or ldap. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040213/b73338d0/attachment.bin