I have setup a Samba 3.024 server on Solaris. I have successfully
enabled two-way trusts between my samba domain and my legacy PC
Netlink domain. (PC Netlink is the solaris port of NT4 aka Advanced
Server for Unix.) My Samba domain includes 2 Windows 2003 Servers
(One is Windows 2003 SP1, the other is Windows 2003 R2 SP2.) The
PCNL server supports Windows 2000 Servers and XP Pro clients. Last
week, at least with the first server (Windows 2003 SP1) , it seemed
everything was working. Users in one domain could log into servers in
the other domain. I
Not sure what has changed- maybe a windows update, maybe rebooting
the Solaris server, maybe changing something in smb.conf and
forgetting to record it. The trusts still seem valid (in fact I
recreated them.)
If I try to add users from the PCNL domain to the local users on a
Windows 2003 Server in the samba domain, I am prompted for a password
in the legacy domain (which I don't think I should be) then I get the
following error:
_________________________________________________________________________
Select Users, Computers, or Groups :
the following error occured while using the user name and password you
entered. The remote procedure call failed and did not execute.
_________________________________________________________________________
The event log on the PCNL server shows:
_________________________________________________________________________
No domain controller is available for domain E2K for the following reason:
There are currently no logon servers available to service the logon request.
_________________________________________________________________________
The log file on the samba server shows:
_________________________________________________________________________
# tail log.wb-PCNL_DOMAIN
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_UNK_IF
received from remote machine PCNL_PDC pipe \lsarpc fnum 0x2!
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
cli_pipe_validate_current_pdu: Bind NACK received from remote
machine PCNL_PDC pipe \samr fnum 0x4!
[2007/05/16 13:24:32, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2524)
cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_ACCESS_DENIED
[2007/05/16 13:24:32, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(601)
cli_pipe_validate_current_pdu: Bind NACK received from remote
machine PCNL_PDC pipe \lsarpc fnum 0x6!
[2007/05/16 13:24:32, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2524)
cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with
error NT_STATUS_NETWORK_ACCESS_DENIED
_________________________________________________________________________
I have tried the following options in my smb.conf file, in various combinations.
enable asu support = yes
netbios name = THEMACHINENAME
smb ports = 139
client schannel = no
Winbind is configured
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
winbind enum users = yes
winbind enum groups = ye
I also have the following set
smb ports = 139
This reduced a lot of errors about "transport endpoint is not
connected." As far as I can tell, PCNL only used NBT (netbios over
tcp/ip) and netbios-free CIFS-over-tcp/ip.
The samba machines and all windows machines are configured to use the
PCNL servers for WINS servers. The wins server have dymanic entries
for the Samba domain and PDC. I have also forced a replication
between the WINS servers to make sure they are consistent.
Any advice?
Thanks