After applying the patch for Bug #2379 I get a different error message from net rpc trustdom establish: vhrz61:~# net rpc trustdom establish HRZ -d3 [2005/03/10 14:04:38, 3] param/loadparm.c:lp_load(3911) lp_load: refreshing parameters [2005/03/10 14:04:38, 3] param/loadparm.c:init_globals(1326) Initialising global parameters [2005/03/10 14:04:38, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2005/03/10 14:04:38, 3] param/loadparm.c:do_section(3413) Processing section "[global]" [2005/03/10 14:04:38, 1] param/loadparm.c:lp_do_parameter(3154) WARNING: The "min passwd length" option is deprecated [2005/03/10 14:04:38, 2] lib/interface.c:add_interface(81) added interface ip=192.168.3.31 bcast=255.255.255.255 nmask=0.0.0.0 Password:******** [2005/03/10 14:04:58, 3] libsmb/cliconnect.c:cli_start_connection(1397) Connecting to host=NTRZ04 [2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 445 [2005/03/10 14:04:58, 2] lib/util_sock.c:open_socket_out(789) error connecting to 137.248.3.45:445 (Connection refused) [2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 139 [2005/03/10 14:04:58, 1] libsmb/cliconnect.c:cli_full_connection(1485) failed session setup with NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT Could not connect to server NTRZ04 [2005/03/10 14:04:58, 3] libsmb/cliconnect.c:cli_start_connection(1397) Connecting to host=NTRZ04 [2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 445 [2005/03/10 14:04:58, 2] lib/util_sock.c:open_socket_out(789) error connecting to 137.248.3.45:445 (Connection refused) [2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 139 [2005/03/10 14:04:58, 0] rpc_parse/parse_prs.c:prs_mem_get(537) prs_mem_get: reading data of size 4 would overrun buffer. [2005/03/10 14:04:58, 0] utils/net_rpc.c:rpc_trustdom_establish(4566) WksQueryInfo call failed. [2005/03/10 14:04:58, 2] utils/net.c:main(897) return code = -1 vhrz61:~#
I should add that I have been using 3.0.11 with the #2379 patch applied and 3.0.12pre1 and got the same results. The domain to be trusted runs on NT 4.0.
Could you send a complete sniff of that attempt? tcpdump -i eth0 -n -s 1500 -w /tmp/sniff.cap Thanks, Volker
Created attachment 1025 [details] level 10 debug log
The samba installation is running on a linux vserver (I probably should have said so in the first place) so tcpdumping is not so easy. I'll give it a try.
You can always use ethereal on the target DC. Volker
Created attachment 1028 [details] Proposed patch According to the sniff you sent to me in private, you might have a problem with restrictanonymous. The attached patch avoids the wks_query_info call. If the patch does not work for you, could you please send another sniff? We might have to connect using an authenticated user. Volker
It now says: Could not connect to server NTRZ04 Trust to domain HRZ established or more verbosely # net rpc trustdom establish HRZ -d3 [2005/03/14 12:53:27, 3] param/loadparm.c:lp_load(3911) lp_load: refreshing parameters [2005/03/14 12:53:27, 3] param/loadparm.c:init_globals(1326) Initialising global parameters [2005/03/14 12:53:27, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2005/03/14 12:53:27, 3] param/loadparm.c:do_section(3413) Processing section "[global]" [2005/03/14 12:53:27, 2] lib/interface.c:add_interface(81) added interface ip=192.168.3.31 bcast=255.255.255.255 nmask=0.0.0.0 Password: [2005/03/14 12:53:35, 3] libsmb/cliconnect.c:cli_start_connection(1397) Connecting to host=NTRZ04 [2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 445 [2005/03/14 12:53:35, 2] lib/util_sock.c:open_socket_out(789) error connecting to 137.248.3.45:445 (Connection refused) [2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 139 [2005/03/14 12:53:35, 1] libsmb/cliconnect.c:cli_full_connection(1485) failed session setup with NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT Could not connect to server NTRZ04 [2005/03/14 12:53:35, 3] libsmb/cliconnect.c:cli_start_connection(1397) Connecting to host=NTRZ04 [2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 445 [2005/03/14 12:53:35, 2] lib/util_sock.c:open_socket_out(789) error connecting to 137.248.3.45:445 (Connection refused) [2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752) Connecting to 137.248.3.45 at port 139 [2005/03/14 12:53:35, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 Trust to domain HRZ established [2005/03/14 12:53:35, 2] utils/net.c:main(897) return code = 0 # After restarting winbind, "net usersidlist" gives me a list of account entries in the trusted domain(s).
Seems now we're just displaying a failure message when that failure is completely normal (the NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT is expected).
Checked in with Revision 5910. I left the error message in place, this needs more work. As the functionality problem is fixed, I'm closing this bug. Volker
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.