SEO

Hello:
Sorry for my English, i'm spanish.
We have AIX 5.2 and samba 3.0.1. In addition we have a PDC Windows
NT 4,0, call SERVIDOR_NT, with domain WINDOM. All the users do logon in
domain WINDOM.

I have created with samba a domain in Aix, in a server SERVIDOR_AIX,
with samba call AIXDOM (workgroup=AIXDOM, security=User).

In another Aix machine, call SHARES_AIX, I have resources that I want to
share by means of samba(workgroup=AIXDOM, security=Domain).

I need that the WINDOM users accede to this resource and for it I used
winbind, but does not work. wbinfo -u return "Error looking up domain
users". I understand that winbind would have to be executing in
SHARES_AIX.

When i configure samba with (workgroup=WINDOM, security=domain)
everything it works well.

i have WINDOM how trusted domain of AIXDOM.("net rpc trustdom
establish -S servidor_nt -U administrador" in SERVIDOR_AIX)

¿What step I have doing badly?

smb.conf:
SERVIDOR_AIX:
[global]
workgroup = AIXDOM
netbios name = SERVIDOR_AIX
server string = Sistema AIX 5L - N15
interfaces = 172.30.10.15/24
map to guest = Bad User
passdb backend = tdbsam
guest account = p01adm
passwd program = /usr/bin/passwd %u
passwd chat = \*New*password* %n\n *new*password* %n\n
username map = /usr/local/samba/lib/usermap.conf
username level = 5
log level = 2
log file = /usr/local/samba/var/log/log.%m
max log size = 50
announce version = 4.0
announce as = NT Workstation
name resolve order = wins lmhosts host
lpq cache time = 60
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/bin/mkuser pgrp=sapsys groups=sapsys
su=false home=/home/pdc/%u shell=/bin/false gecos=%u
account_locked=true login=false rlogin=false %u
add group script = /usr/bin/mkgroup -A %g
add user to group script = /usr/bin/chuser pgrp=%g groups=%g %u
set primary group script = /usr/bin/chuser pgrp=%g
add machine script = /usr/bin/mkuser pgrp=sapsys groups=sapsys
su=false home=/home/pdc/%u shell=/bin/false gecos=%u
account_locked=true login=false rlogin=false %u
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins server = 172.30.1.20
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
hosts deny = 0.0.0.0


SHARES_AIX:
[global]
workgroup = AIXDOM
security = domain
netbios name = SHARES_AIX
server string = Sistema AIX 5L - SHARES_AIX
interfaces = 172.30.10.7/24
allow trusted domains = yes
map to guest = Bad User
password server = *
guest account = p01adm
passdb backend = tdbsam
username level = 5
username map = /usr/local/samba/lib/usermap.conf
log level = 2
log file = /usr/local/samba/var/log/log.%m
max log size = 50
announce version = 4.0
announce as = NT Workstation
name resolve order = wins lmhosts host
lpq cache time = 60
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 64
wins server = 172.30.1.20
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
hosts allow = 172.30.0.0/255.255.248.0
hosts deny = 0.0.0.0
default case = upper
preserve case = No

[interfaces]
comment = xinter
path = /interfaces
valid users = WINDOM\Juan_SR
read only = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
veto files = /lost+found/ARCHIVING/

---------------------------


Thank's

<juan.sanchez@unycop.es> wrote in message
news:N_Pcc.3436$9c.232204@news.ono.com...
> Hello:
> Sorry for my English, i'm spanish.
> We have AIX 5.2 and samba 3.0.1. In addition we have a PDC Windows
> NT 4,0, call SERVIDOR_NT, with domain WINDOM. All the users do logon in
> domain WINDOM.
>
> I have created with samba a domain in Aix, in a server SERVIDOR_AIX,
> with samba call AIXDOM (workgroup=AIXDOM, security=User).
>
> In another Aix machine, call SHARES_AIX, I have resources that I want to
> share by means of samba(workgroup=AIXDOM, security=Domain).
>
> I need that the WINDOM users accede to this resource and for it I used
> winbind, but does not work. wbinfo -u return "Error looking up domain
> users". I understand that winbind would have to be executing in
> SHARES_AIX.
>
> When i configure samba with (workgroup=WINDOM, security=domain)
> everything it works well.
>
> i have WINDOM how trusted domain of AIXDOM.("net rpc trustdom
> establish -S servidor_nt -U administrador" in SERVIDOR_AIX)
>
> ¿What step I have doing badly?
>

Hi,

First of all, why such a complicated setup with two domains? Just joining
the Samba server to the domain as a member server is a lot easier.

When you created the trust relationship between the two domains, what was
the output of the command? Did the log files show anything? (Samba has a
very good logging system).

Judging from your configurations and the information you posted, you run two
different security modes... don't do that. Run everything as
security=domain.

regards,
Rob

> Hi,
>
> First of all, why such a complicated setup with two domains? Just joining
> the Samba server to the domain as a member server is a lot easier.
>
> When you created the trust relationship between the two domains, what
was
> the output of the command? Did the log files show anything? (Samba
has a
> very good logging system).
>
> Judging from your configurations and the information you posted, you
run two
> different security modes... don't do that. Run everything as
> security=domain.
>
> regards,
> Rob

Hi,

The reason by that there are two domains must to that the domain of
samba AIXDOM is of a company and the one of WINDOM is of another
one. In fact, there is another dominion more, than I have not put not to
complicate it. The one of both security ways must to that he is not
recommendable to put security=domain when samba is PDC(testparm say
it), for that reason I must security=user. In the other server
security=domain because I want that the authentication makes samba PDC
(AIXDOM) or Windows PDC(WINDOM).

I believe that that is correct. In logs he appears to me in
log.172.30.10.15 (172,30,10,15 are the external interface of samba PDC)
the following thing:
[ 2004/04/07 10:02:27, 2 ] passdb/secrets.c:secrets_get_trusted_domains
(625) Secrets record SECRETS/$DOMTRUST.ACC/WINDOMDOM^P is invalid!

and in log.winbindd:
[2004/04/07 10:03:24, 0] nsswitch/winbindd_sid.c:winbindd_lookupname
(111)
could not find domain entry for domain WINDOM


Thanks!

The problem is :
Create the file lmshost in /usr/local/samba/lib with
IP SERVIDOR_NT
Run the command :
net join -S servidor_nt -U administrador
And :
wbinfo --set-auth-user administrador%password