[Samba] Samba 3, Domain Trusts, Exchange server
Joe Dougherty
dougherty at nlmof.navy.mil
Wed Jun 18 21:35:21 GMT 2003
Has anyone come up with a series of steps to successfully set up a trust
with a Windows 2000 domain using AD?

I have a Samba 3beta server set up as the PDC for a new domain (OPS). It's on
the same physical network as the Windows domain (ADMIN).

The W2K domain is an AD-based native domain. On that domain is a member
server running NT4 Server and Exchange 5.5. I need to allow user access from
the OPS domain to mail accounts on the Exchange box in the other domain.

I don't need any kind of AD-like features or compatibility on the new OPS
domain. The Samba server will provide all the Windows functionality
necessary to a handful of clients.

I've followed the recommendations in the beta configuration pdf document,
but it only covers setting the trust up using NT4 User Manager. This won't
work in the ADMIN domain, as the Exchange box is not a DC. I attempted to
use the Domain tool on W2K server, but all I wind up with is a bunch of
cryptic errors.

The two domains can browse one another all day, but when I try to do
specific things that require trusts (i.e., establish connections to the
Exchange server for a mailbox in Outlook), I can't get it done.

Any suggestions or advice would be welcome.

Here's my smb.conf:

# Global parameters
[global]
workgroup = OPS
netbios name = JAGUAR
server string = OPS Department Samba DC
security = user
passdb backend = smbpasswd,guest
preferred master = yes
domain master = yes
local master = yes
log level = 2
log file = /usr/local/samba/var/log.%m
max log size = 50
logon path = \\%L\profiles\%U
logon drive = u:
domain logons = Yes
os level = 99
dns proxy = No
admin users = smith
username map = /usr/local/samba/private/username.map
logon script = login.bat
passwd program = /usr/bin/passwd %u
unix password sync = yes
; added 6/16/03
idmap uid = 10000-15000
idmap gid = 10000-15000
[homes]
read only = No
browseable = no
create mask = 0600
directory mask = 0700
[profiles]
path = /profiles
read only = No
create mask = 0600
directory mask = 0700
csc policy = disable
[netlogon]
path = /usr/local/samba/netlogon
admin users = root
write list = root @admins
[shared]
comment = Shared Files Directory
path = /home/shared
read only = no
create mask = 0600
directory mask = 0700
browseable = yes
[storage]
comment = Server Storage Directory
path = /storage
read only = no
create mask = 0600
directory mask = 0700
browseable = yes
valid users = @admins
write list = @admins