I added the lmhosts entries on both servers for the peer.
`net lookup` works and resolves both.
Next I should add an interdomain account named TRUSTING$ on ATENEOAD AD
smbpasswd -i -a TRUSTING
net rpc trustdom add TRUSTING
work. Error is:
Failed to modify record CN=TRUSTING$,CN=Users,DC=ad,DC=EXAMPLE,DC=org:
Failed to modify CN=TRUSTING$,CN=Users,DC=ad,DC=EXAMPLE,DC=org: Updating
the UF_INTERDOMAIN_TRUST_ACCOUNT bit in userAccountControl is not
permitted over LDAP. This bit is restricted to the LSA
On the other hand, the following works:
/opt/samba$ sudo ./bin/net rpc trust create other_netbios_domain=TRUSTING otherdomain=TRUSTING trustpw=aPassword
(as Rowland said).
Was there a better way to do it?
Now on TRUSTING PDC I should issue a:
abnormal$ net rpc trustdom establish ATENEOAD
After asking me for the trustpw, it works: Trust to domain ATENEOAD established
I was even able to log in once as ATENEOAD\francesco on TRUSTING:
francesco@abnormal:/opt/samba$ ./bin/smbclient -UATENEOAD\\francesco -L
Enter ATENEOAD\francesco's password:
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba 4.7.4)
Reconnecting with SMB1 for workgroup listing.
ABNORMAL Samba 4.7.4