Помогите настроить доверительные отношения между PDC на Samba и на Windows 2000. Есть domain1 на Windows 2000 Advanced Server SP4 в mixed mode и domain2 на Samba 3.0.22 FreeBSD 6.1-Release. Настроил доверительные отношения по доке с samba.org.
# net rpc trustdom list
Password:
Trusted domains list:
domain1 S-1-5-21-2071930250-264330630-1221738049
Trusting domains list:
domain1 S-1-5-21-2071930250-264330630-1221738049
Пользователи из domain2 (samba) имеют доступ к ресурсам из domain1 (win). Но пользователи из domain1 не получают доступ к ресурсам из domain2 (при попытке открыть шару с гостевым доступом все равно запрашивается пароль). В лог log.smbsrv попадает (smbsrv - netbios имя samba - сервера):
[2006/06/27 14:52:20, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424)
_net_auth2: creds_server_check failed. Rejecting auth request from client smbsrv machine account domain2$
[2006/06/27 14:52:20, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424)
_net_auth2: creds_server_check failed. Rejecting auth request from client smbsrv machine account domain2$
[2006/06/27 14:52:20, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424)
_net_auth2: creds_server_check failed. Rejecting auth request from client smbsrv machine account domain2$
[2006/06/27 14:52:20, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424)
_net_auth2: creds_server_check failed. Rejecting auth request from client smbsrv machine account domain2$
[2006/06/27 14:52:20, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424)
_net_auth2: creds_server_check failed. Rejecting auth request from client smbsrv machine account domain2$
smb.conf:
# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2006/06/27 14:22:10
# Server-wide settings: this host is configured as the domain controller
# (domain logons + domain master) for the workgroup/domain "domain2".
[global]
# Character sets: CP866 towards DOS clients, CP1251 for Unix-side names and display.
dos charset = CP866
unix charset = CP1251
display charset = CP1251
workgroup = domain2
server string = domain2 PDC & Backup Server
# Security: a logon with a user name that does not exist is not rejected but
# mapped to the guest account (see "guest account" below). Logons for existing
# users with a wrong password are still refused.
map to guest = Bad User
# Security: allows access to accounts whose password is empty. The Samba
# default is "No"; review whether this is needed on a domain controller.
null passwords = Yes
# Local TDB account database; no LDAP directory is involved with this backend.
passdb backend = tdbsam
# Unix account whose privileges guest connections run with.
guest account = smbguest
# One log file per client; %m expands to the client's NetBIOS name.
log file = /var/log/samba/log.%m
# Size limit in KiB before the log file is rotated.
max log size = 1024
time server = Yes
# Account-management hooks. smbd runs these scripts as root, with %u / %g
# replaced by the user or group name from the request, so the set of accounts
# allowed to trigger them should be kept small.
add user script = /usr/sbin/pw useradd -g nogroup -d /nonexistent -s /sbin/nologin -n %u
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/pw groupadd %g
delete group script = /usr/sbin/pw groupdel %g
add user to group script = /usr/sbin/pw groupmod %g -m %u
# Site-local helper, not part of the base system; its contents are not shown here.
delete user from group script = /usr/local/sbin/deleteuserfromgroup %u %g
set primary group script = /usr/sbin/pw usermod %u -g %g
# Machine accounts are created in gid 1200 with no home directory and no login shell.
add machine script = /usr/sbin/pw useradd -g 1200 -c Samba-Workstation -d "/nonexistent" -s "/sbin/nologin" -n %u
# Empty values: no roaming-profile path or home share is handed out at logon.
logon path =
logon home =
# Domain controller role: serve domain logons and act as domain master browser.
domain logons = Yes
# Browser election priority.
os level = 33
domain master = Yes
dns proxy = No
wins server = 192.168.150.2
# Applies to LDAP connections only; with "passdb backend = tdbsam" above it
# presumably has no effect - confirm. If an LDAP backend is ever enabled,
# "no" means the directory connection is not protected by SSL/TLS.
ldap ssl = no
# Unix uid/gid ranges reserved for id mapping of accounts that have no local
# Unix account. NOTE(review): whether winbindd is running is not shown here.
idmap uid = 10000-20000
idmap gid = 10000-20000
# Security: share-level parameter placed in [global], so it is the default for
# every share that does not override it. Users listed here perform all file
# operations as the super-user, regardless of file permissions.
admin users = root
# Printer share template: exposes the system's printers to clients.
[printers]
comment = All Printers
# Spool directory where clients' print jobs are written before printing.
path = /var/spool/samba
printable = Yes
# Hidden from browse lists; the printers themselves are still reachable by name.
browseable = No
# Logon share used by domain clients during logon (logon scripts, policy files).
[netlogon]
comment = Network logon service
path = /usr/local/lib/samba/netlogon
# Explicitly empty: overrides the global "admin users = root", so nobody gets
# super-user file access through this share.
admin users =
# Security: the share can be opened without a password, with the privileges of
# the guest account. "read only" is not set here, so the Samba default
# (read-only) applies; keep it that way, because clients execute what they
# find in this directory at logon.
guest ok = Yes
browseable = No