trust between two samba-tng pdcs?

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Jul 5 17:53:27 GMT 2000


> Well, for interdom trusts you don't need _direct_ admin
> acces.

ah, in that case you will need local admin.

for sever wksta, you need two admin accounts and two admin passwords.

for inter-dom, you need one, and the trusting passwd.

> You give the admin of the other pdc a phone call, he
> sets up the other side and gives you a pw for the trust,
> then you setup your side with that pw.
> 
> Okay, let's say, we have ntdom with ntpdc and sambadom with
> sambapdc.
> 
> In these examples here, we want the sambapdc to trust the
> ntpdc. So what happens:
> 
> sambaadmin asks the ntadmin to do his stuff.
> 
> ntadmin does the stuff in the usrmgr, what effectively
> happens is:
> ntpdc> createuser -i sambadom$ -p foosecret
> 
> sambaadmin now knows the pw.
> 
> he must 
> a) create a NTDOM.SID
> b) setup the lsasecret to contain the pw (foosecret), so
>    samba can use the trust-relationship.
> 
> So? How to do that from rpcclient?

i forget :)  there is a -i [inter-domain] option to createuser.  i haven;t
set up an inter-domain trust relationship for about 6 months.



More information about the samba-ntdom mailing list