[Samba] Domain trusts and samba member servers

[Steve Chupack]

Below is something I posted a while ago and got no responses... Maybe it was too convoluted for anyone to bother with, so let me try and put it more simply.

I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN DC just fine. But the trust relationship is not recognized or respected by my samba member servers in OLDDOMAIN.

So, very simply put, even if nobody has the specific howto: Do samba member servers understand interdomain trusts? 

Thanks for any and all input -- I am at a standstill with a fairly major project and any help at all would be greatly appreciated. I have a suspicion it has something to do with winbind on the member servers, but I'm having no luck.




On Thu, 6 Aug 2009 08:39:51 -0400
Steve Chupack <steve.chupack at dealer.com> wrote:

> I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes).
> 
> NEWDOMAIN = new Win2k3 PDC 
> OLDDOMAIN = current samba PDC
> OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN
> 
> I've successfully established a trust relationship between OLDOMAIN and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have full access to resources on the OLDDOMAIN PDC.
> 
> Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER. But users in NEWDOMAIN do not.
> 
> Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN).
> 
> Sorry if this is confusing -- tried to make it as clear as possible.
> 
> Steve