Samba in a Multiple-Master Domain Model

Gilmore, William H. (WHGI) WHGI at
Tue Feb 23 21:02:52 GMT 1999

I am currently looking at implementing Samba to provide file access to some
of our UNIX servers from our NT desktop environment and need some guidance
regarding the capabilities of using Domain Authentication with Samba.

Our NT environment is based upon the Microsoft Multiple-Master Domain model.
In essence, all user accounts are defined in domains MD1 and MD2.  All
network resources are placed in resource domains such as CITY1, CITY2, etc.
The desktop machines are also placed in the resource domains (i.e. CITY1,
etc.).  A one way trust from the resource domains to the master accounts
domains is in place.  When the desktop users on MACH1, which is a member of
resource domain CITY2, log in, they authenticate to MD1 or MD2 dependent upon
where their account is.

My question is, if I install Samba on UNIX1 and make it a member of the
resource domain CITY1, will it allow access to user ids that are located in
the MD1, MD2, etc. domains?

As a much less attractive alternative, I can setup Samba to use user
authentication and a hosts equiv file to provide seamless interface to my
users, but this does depend upon the user machine for authentication.  If I
can limit the client machines to be on WinNT machines, this would be

Two questions here.

Is there any way to limit authentication to be NT1 and only NT1?

Has anybody used user security with host equiv and got it working right?  My
quick tests indicate that a user is still prompted for a passwd.

Thanks in advance.


PS:  If you are wondering about why the multiple master domain model, it is
the recommended implementation for large organizations (i.e. more than 15,000
IDs in a domain).

