Discussion:
[Samba] accessing samba 3.0b2 using an account from a trusted domain
Eamonn Hamilton
2003-12-01 19:04:04 UTC
Permalink
Hi Folks

When I try and access a samba 3.0b2 server using an account from a
trusted domain, samba denies access and reports "could not fetch trust
account password".

The server is a member server in a domain with a one way trust
relationship to a user domain, which I can list the accounts from using
getent passwd, and net rpc testjoin says the trust is fine.

Does this work yet, as I remember some problems with winbind a while
back?

Cheers,
Eamonn
--
Eamonn Hamilton

Senior Systems Engineer
SAIC
John H Terpstra
2003-12-01 19:04:04 UTC
Permalink
Post by Eamonn Hamilton
Hi Folks
When I try and access a samba 3.0b2 server using an account from a
trusted domain, samba denies access and reports "could not fetch trust
account password".
The server is a member server in a domain with a one way trust
relationship to a user domain, which I can list the accounts from using
getent passwd, and net rpc testjoin says the trust is fine.
Does this work yet, as I remember some problems with winbind a while
back?
Please provide precise details of how you have tested this. It should
work - at least it did shortly before Beta2 when I last tested this.
Please help us to nail this with enough information so we can reproduce
the problem. Thanks.


- John T.
--
John H Terpstra
Email: ***@samba.org
Eamonn Hamilton
2003-12-01 19:04:04 UTC
Permalink
OK, here goes :

In the setup I'm using, the samba server is located in a resource domain
with one way trusts to a number of account domains.

When winbindd is started, it scans for trusted domains and adds them
with the appropriate SIDs, all seems hunky dory. I can examine the
resources on the system using an account in the same domain as the
server thus :

smbclient -U account -L server

with the appropriate password and it works.

When I try and use an account from the trusted domain, using

smbclient -U myname -W user-domain -L server

it reports back
session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

and the log shows

[2003/07/09 15:04:50, 0] nsswitch/winbindd_pam.c:get_trust_pw(78)
get_trust_pw: could not fetch trust account password for my domain
USER-DOMAIN


The server itself is joined to the domain OK, and a net rpc testjoin
reports OK.Security is set to domain, with the password server being set
to *. A local WINS server is being used, and seems to be operating fine.
I've got restrict anonymous set to 1 and username maps set in a file,
however I've tried without them and it dos the same.

What other information do you require, maybe a debug trace?

Cheers,
Eamonn


I then try and list the services on
Post by John H Terpstra
Post by Eamonn Hamilton
Hi Folks
When I try and access a samba 3.0b2 server using an account from a
trusted domain, samba denies access and reports "could not fetch trust
account password".
The server is a member server in a domain with a one way trust
relationship to a user domain, which I can list the accounts from using
getent passwd, and net rpc testjoin says the trust is fine.
Does this work yet, as I remember some problems with winbind a while
back?
Please provide precise details of how you have tested this. It should
work - at least it did shortly before Beta2 when I last tested this.
Please help us to nail this with enough information so we can reproduce
the problem. Thanks.
- John T.
--
Eamonn Hamilton

Senior Systems Engineer
SAIC
John H Terpstra
2003-12-01 19:04:04 UTC
Permalink
On Wed, 9 Jul 2003, Eamonn Hamilton wrote:

Please email me your smb.conf file. If this looks OK then I'll ask you to
file a bug report.

Cheers,
John T.
Post by Eamonn Hamilton
In the setup I'm using, the samba server is located in a resource domain
with one way trusts to a number of account domains.
When winbindd is started, it scans for trusted domains and adds them
with the appropriate SIDs, all seems hunky dory. I can examine the
resources on the system using an account in the same domain as the
smbclient -U account -L server
with the appropriate password and it works.
When I try and use an account from the trusted domain, using
smbclient -U myname -W user-domain -L server
it reports back
session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
and the log shows
[2003/07/09 15:04:50, 0] nsswitch/winbindd_pam.c:get_trust_pw(78)
get_trust_pw: could not fetch trust account password for my domain
USER-DOMAIN
The server itself is joined to the domain OK, and a net rpc testjoin
reports OK.Security is set to domain, with the password server being set
to *. A local WINS server is being used, and seems to be operating fine.
I've got restrict anonymous set to 1 and username maps set in a file,
however I've tried without them and it dos the same.
What other information do you require, maybe a debug trace?
Cheers,
Eamonn
I then try and list the services on
Post by John H Terpstra
Post by Eamonn Hamilton
Hi Folks
When I try and access a samba 3.0b2 server using an account from a
trusted domain, samba denies access and reports "could not fetch trust
account password".
The server is a member server in a domain with a one way trust
relationship to a user domain, which I can list the accounts from using
getent passwd, and net rpc testjoin says the trust is fine.
Does this work yet, as I remember some problems with winbind a while
back?
Please provide precise details of how you have tested this. It should
work - at least it did shortly before Beta2 when I last tested this.
Please help us to nail this with enough information so we can reproduce
the problem. Thanks.
- John T.
--
John H Terpstra
Email: ***@samba.org
Loading...