Trust relationships, sort of
Joseph Cheek
joseph at cheek.com
Thu Jun 18 20:44:19 GMT 1998
trust relationships are such a hassle with a large number of domains. is
there any type of multi-domain relationship model we can implement that's
better than trust relationships? i get the feeling that ms just made trust
relationships as a bandaid to the entire single-signon/single point of
authentication problem. there have got to be better solutions. any ideas?
joe
--
Joseph Cheek, Director, Cheek Consulting
Computer Network Solutions -- NetWare, Linux, and Internet consulting
Novell and Caldera partners, supporter of Linux in business
joseph at cheek.com, http://www.cheek.com/, (206) 282-2892
-----Original Message-----
From: CAE Samba Admin <caesmb at lab2.cc.wmich.edu>
To: Multiple recipients of list <samba-ntdom at samba.anu.edu.au>
Date: Thursday, June 18, 1998 1:26 PM
Subject: Trust relationships, sort of
>
>Hello,
>
> Slowly, very slowly, we're finding ways to get samba to fit our
>needs around here, but we are constantly running in to problems where I as
>a lab manager would like to be able to administer things like machine
>accounts and shares and such. This cannot be done easily because we
>are using the campus accout database for logins, and as such
>(understandably) the administrators of that system don't want me to be
>able to edit the smb.conf file (becase of that little root preexec thing).
> NT has a solution to things like this call trust relationships.
>Now, I know you don't have trust relationships functioning yet, but as a
>stepping stone, how hard would it be to code in pseudo trust relationships
>between samba servers? Maybe using something like a combo of PDC
>functionality with a "password server" style command. Basically, if a
>user isn't a member of the domain, try against another domain (more or
>less just forward the request as a domain member similar to if you were
>using security = domain).
> I'm just curious if this would be easy to implement or not,
>because I know true trust relationships are too far off to start begging
>for just yet... :)
>
>Kevin
>
>
>
More information about the samba-ntdom
mailing list