two way trust between samba tng pdc and nt pdc

Thu Jun 29 14:43:33 GMT 2000

Thanks a heap for your clarification. Things are starting to work already.
I will get back with more info later. For now though, could you or someone
please clarify the format of the 'trusted domains=' line?
The way you mentioned it confused me a little. For example, my samba
domain is lxind, and my samba domain pdc is lxfsind. The nt domain is
ntfsind, and the nt pdc is fsind. Do I do trusted domains=ntfsind
or do I do something else? Thanks again.

On Thu, 29 Jun 2000, Elrond wrote:

> On Wed, Jun 28, 2000 at 01:09:56AM +1000, kill -9 wrote:
> > I have been able to create a trust relationship between my tng samba pdc
> > box and my nt pdc box, with samba as the trusted and nt as the trusting.
> > I did this by creating a machine account in samba using the -i option,
> > with the name of the trusting domain, and a machine account in samba with
> > the name of the nt pdc machine. I then used user manager for domains on
> > the nt pdc to create the trust using the password I gave to the trust
> > account on the samba pdc. This seems to have worked. Now I want to go the
>
> Nice, that you described this awkward process here.
> I've gone through it too.
> What I have to note:
> The nt pdc will change the pw every some weeks and it will
> only change the pw for the account with the domain-name, so
> you have to copy the pw over to the account for the
> pdc-name.
> I'm thinking of fixing this by using the trusting domain
> variable, but I currently want to get CVS TNG more
> stable... before starting to play again.
>
> > other way, and I'm a little lost. I have 'permitted the samba pdc to
> > trust' on the nt pdc, and from what I've gleaned, this should create an
> > inter-domain-trust account on the nt pdc with a machine name equal to
> > my samba pdc domain. This is where I get stuck. How do I actually create
> > the trust on the samba pdc? What is the significance of the 'trusted
> > domains' and 'trusting domains' values in smb.conf? I noticed when I moved
> > to CVS 2.5 GOOD that if I included the 'trusted domains' lines that most
> > of the daemons would not start properly. It's okay to include the
> > 'trusting domain' line however. Thanks for ANY help or info.
>
> You've gone the right way here.
> You've to do the following too:
> add the domain to the trusted domains-list:
> trusted domains = "domain=pdc,bdc"
> Then you have to do something like
> 	smbpasswd -j NTDOMAIN
> (hope, I remember that correctly...)
> The other way is to find out the domain sid of the nt
> domain (rpcclient -S ntpdc -U % -c 'lsaq') and create a
> NTDOMAIN.SID next to your SAMBADOMAIN.SID file, with the
> SID as contents.
> The next problem is, that samba needs a unix-user for each
> nt-user... you might want to investigate winbind, or create
> them all by hand...
> Please tell us, how far you get and especially, if
> interactive login from the "other domain" works in both
> domains, I mean:
> Go, and sit in front of some nt-box, that is a member in
> the NTDOMAIN and try to login as a user from the
> SAMBADOMAIN. If that doesn't work, please try to find some
> indications in the logs.
>     Elrond

