[Samba] Re: allow trusted domains ... howto specifiy domains?
unolinuxguru
unolinuxguru at olug.org
Sat Mar 8 22:37:22 GMT 2003
I would truly appreciate some help on this, it seems even the simplest
things are so complicated!?...
How does one enable samba shares through "allow trusted domains" to users
of an nt4 domain? Has anyone else done this?.. (I would hope so)
see below for what I've tried...
> I am running a samba pdc on host "debianpdc" for domain "linuxdom" and
> have set "allow trusted domains = yes" in my [global] smb.conf file...
> now how do I specify which domains to trust?
>
> I would like to trust an NT4 domain "nt4dom" run by the host "nt4pdc" on
> the same network.
I just need a general overview of what needs to be done please. Looking
at this chart [1] for the process of how authentication to a share is done
from a user in a seperate 'trusted' domain, I do not know what I am
missing, this seems it should be simple enough...
I have an entirely new user "user2" created on the "nt4dom" domain, this
user is completely unkown to the "linuxdom" domain. From a Win98
workstation "user2pc", "user2" can log on fine into "nt4dom" and
everything works.
I now want user2 to access a shared drive (//lnxmbrsvr/share, perms
rwxrwxrwx) on a member server "lnxmbrsvr" in the domain "linuxdom". I
have configured "lnxmbrsvr" to have the following pertinent settings in
it's smb.conf file:
[global]
security = domain
password server = debianpdc
allow trusted domains = yes
add user script = ...(it works in the linuxdom domain)
I have also added a unix+samba machine (trust?) account for the "nt4dom"
primary domain controller "nt4pdc" and user2's workstation "user2pc" on
this linux domain member server "lnxmbrsvr". I have tested and
reloaded+restarted the debianpdc and lnxmbrsvr samba servers.
The nt4pdc has also been configured to trust the 'linuxdom' domain. I see
no helpful output in the samba logs, what am I possibly missing? (When
user2 is logged on at user2pc workstation in nt4dom domain and tries to
access //lnxmbrsvr/share in the linuxdom domain (prompted for
\\LNXMBRSVR\IPC$) and supplies the password for the nt4dom, it still
errors "The password is incorrect. Try again.")
[1] http://samba.linuxbe.org/en/samba/config/domain-1.html#trusted
More information about the samba
mailing list