I have the following situation:

Windows XP (SP2) clients connected to a Samba 3 PDC (3.0.7-2.FC2) on the domain "MNET". Also a separate Windows 2003 AD domain "SCH" (using Native Mode).

I want to allow users in the AD domain "SCH" to log on to that domain from the XP clients by using their existing credentials and simply choosing the SCH domain in the XP logon dialogue, i.e. users in domain "SCH" accessing resources in domain "MNET".

In order to do this I have attempted to establish a one-way trust - the Samba domain trusting the 2003 AD domain. I have set up the trust on the AD server (but not verified it), then on the Samba server ran "net rpc trustdom establish SCH". I then get the following:

    Password: [entered password]
    Could not connect to server WOLF [this is the PDC for the SCH domain]
    Trust to domain SCH established

When I then try to log on to the SCH domain, in the way described above, for most accounts it will fail with a bad password error. However, if the user account in the SCH domain is set to force password change on next logon it will work - the user is forced to change password and they are then logged in.

Other info:

The SCH domain is made up of several 2003 servers running in native mode with server WOLF promoted as the PDC.
The Samba server is set to use a WINS server in the SCH domain.
The SCH domain PDC can be pinged/nslookup/nmblookup from the Samba server.

Any help would be greatly appreciated.

Lee Baker
Can anyone offer any help on this at all??

-----Original Message-----
From: samba-bounces+lbaker=mcauley.org.uk@lists.samba.org [mailto:samba-bounces+lbaker=mcauley.org.uk@lists.samba.org] On Behalf Of Lee Baker
Sent: 27 September 2004 12:07
To: samba@lists.samba.org
Subject: [Samba] Samba 3 trusting Windows 2003 (Native Mode)