Hi,

after whole day hitting my head into wall I decided to ask advise from
clever people:

My aim is to have two way trusts between two samba domains 3.0.25 and 3.0.28
I did: net rpc trustdom add and establish on both domains. It did not
went ok, but problem was with creating ldap accounts for domains. I
created them manually.
Now I have kind of working trusts:
# net rpc trustdom list
Password:
Trusted domains list:
SIMPLE            S-1-5-21-4169227953-3400459336-1793241584
none
Trusting domains list:
SIMPLE            S-1-5-21-4169227953-3400459336-1793241584

This is the same on both domains.
Then I faced a problem, that when I try to access workstation from
other domain it says I canot and samba logs were complaining that user
sid and group sid do not match and samba cannot handle it. I found on
google, that I must have winbind working in order to solve this. I
installed winbind and on one domain it is working - I can get a list
of foreign users with wbinfo -u, and it seems to solve my workstation
browsing. But I cannot get it working on the other domain.
these are wbinfo messages:
# wbinfo -u
Error looking up domain users
# wbinfo -m
Could not list trusted domains
# wbinfo --all-domains
# wbinfo --getdcname=SIMPLE
Could not get dc name for SIMPLE
# net lookup dc simple
192.168.62.22

This is what I get with winbindd -S -n -i
Processing section "[Finansai]"
adding IPC service
added interface ip=192.168.62.21 bcast=192.168.62.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
added interface ip=192.168.62.21 bcast=192.168.62.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
initialize_winbindd_cache: clearing cache and re-creating with version number 1
Added domain REC  S-1-5-21-4050335463-3799486674-3258589777
Added domain BUILTIN  S-1-5-32
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
[12524]: list trusted domains
rpc: trusted_domains
winbindd_dual_list_trusted_domains: trusted_domains returned
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
Could not receive trustdoms
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)
get_dc_list: preferred server list: ", *"
fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource
temporarily unavailable)

Any ideas?
Maybe there is a procedure how to get samba samba trust working?

Thanks a lot
Liutauras
--
To unsubscribe from this list go to the following URL and read the
instructions:   https://lists.samba.org/mailman/options/samba

thanks François,

joining to its own PDC surprises me too ...  but I will try.

Do you mean that winbind should also get info out of its own domain?

Yes, this what I thought, but winbind is complaining that it cannot
find PDC, but net lookup finds it correctly.

To unsubscribe from this list go to the following URL and read the
instructions:   https://lists.samba.org/mailman/options/samba

Great François,

it worked somehow.
I did net join on both domain controllers, then some restarting
winbind and smbd and it worked suddenly. Actually I'm not sure if this
solves my problem with browsing other domain workstations, but this is
what i was struggling all the day.

--
To unsubscribe from this list go to the following URL and read the
instructions:   https://lists.samba.org/mailman/options/samba