trust between two samba-tng pdcs?

kill -9 kill-9 at
Fri Jun 30 15:35:30 GMT 2000

On Fri, 30 Jun 2000, [iso-8859-1] Lauri Mylläri wrote:
I haven't had a need to do this between two samba pdcs. but I would
assume the process is like so.
Create an account on domain1 pdc with the name of the other domain
(domain2$), and use the -i option (createuser -i domain2$ -p password)
(I think this is the format). Then create another account but with the
name of domain2's pdc, ex. (createuser domain2pdc$ -p password)
Do this but in reverse on the othe pdc. Unix accounts would have to be
done too on both. Then, I think you could just follow Elrond's
instructions, and use either smbpasswd -j domainname, or get the
domain sid for each domain using rpcclient -S otherpdc -U % -c 'lsaq', and
copy that SID into a file named DOMAIN1.SID. Do this for each domain.
Then I think you could use the trusting and trusted domains lines in each
smb.conf file. Sorry if this is unclear. As I said, I'm guessing, and
I've never really done this with 2 samba pdcs. 
Thhat prog you speak of sounds very usefull. I would sure be interested in
seeing it available.

> Hi!
>   Reading the exchange on two way trust between nt and samba was
> enlightening, but not quite enough for my situation. I have two domains
> controlled by samba-tngs with samba-2.0.7 {file,print}servers and NT4
> clients - and all is good and beautiful. Until I need to access the
> other domain with an NT.. Is it possible to get the pdcs to trust each
> other? Both are tng-2.5. All I found from the archives was how to get
> samba talking to nt pdc, but nothing on two samba pdcs. Is this documented
> somewhere else? Am I missing something completely obvious?
>   btw, I have a somewhat weird (but working solution) for keeping the
> account and group information updated on my samba pdc, samba servers, unix
> servers and workstations. A custom program, which creates and updates
> accounts/passwords/groups on *nix with ssh - a hack, but it requires
> no changes for existing linux workstations and keeps sanity in a mixed
> linux/NT environment (nfs and samba, nt and unix logins, imap accounts
> etc). It's a python application that comes with a gui, access groups
> for different computers and support for samba and cyrus.. If someone is
> interested, I should be able to get it released under GPL - the original
> coder is too busy to become a maintainer for a 'real' project.

Alex West
A&M Communications - Tech Guru
BioControl Technology Inc., MIS Administrator
kill-9 at | kill-9 at
Visit Third Eye Digital Productions -
Check out my band and FREE music at ***  ***

More information about the samba-ntdom mailing list