trust between two samba-tng pdcs?
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jul 5 17:53:27 GMT 2000
> Well, for interdom trusts you don't need _direct_ admin
> acces.
ah, in that case you will need local admin.
for sever wksta, you need two admin accounts and two admin passwords.
for inter-dom, you need one, and the trusting passwd.
> You give the admin of the other pdc a phone call, he
> sets up the other side and gives you a pw for the trust,
> then you setup your side with that pw.
>
> Okay, let's say, we have ntdom with ntpdc and sambadom with
> sambapdc.
>
> In these examples here, we want the sambapdc to trust the
> ntpdc. So what happens:
>
> sambaadmin asks the ntadmin to do his stuff.
>
> ntadmin does the stuff in the usrmgr, what effectively
> happens is:
> ntpdc> createuser -i sambadom$ -p foosecret
>
> sambaadmin now knows the pw.
>
> he must
> a) create a NTDOM.SID
> b) setup the lsasecret to contain the pw (foosecret), so
> samba can use the trust-relationship.
>
> So? How to do that from rpcclient?
i forget :) there is a -i [inter-domain] option to createuser. i haven;t
set up an inter-domain trust relationship for about 6 months.
More information about the samba-ntdom
mailing list