samba to trust another windows domain
lukwata at roxi.rz.fh-mannheim.de
Fri Sep 28 02:22:02 GMT 2001
> This is from Roman Kozello--------------------->
> Make sure you set up 'domain admin users' in smb.conf. Mapping this
> account to root in smbusers file and adding a user root to smbpasswd may
> also be necessary.
Sorry for silly sounding questions. I had to deal with Samba for
the fist time since two weeks ago:
Would you please give an example of the "domain admin users" line.
How can this account be maped to root and where is the smbusers file?
> However, creating machine trust account through Windows Net->Properties
> leads to disabled account.
> Enable it with webmin or look at smbpasswd file - remove letter D at the
> right side of appropriate string.
Where to get webmin? I have tried excecute webmin but it is not known.
(the letter D was possible inserted by a mail program)
> Then, close Net->Properties applets window and join domain again without
> creating an account. You should go.
> Or, better, create <machine_name$> Unix account with no shell, no home,
> no password...
> And # smbpasswd -a -m <machine_name>
> Join domain without creating trust account from Win side.
A trust account for a windows worksatstion in DOMAIN2 (not PDC)
was created in Samba DOMAIN1. But from DOMAIN2 the workstation
could not access DOMAIN1 (may be because they are different
subnets: DOMAIN1 220.127.116.11 and DOMAIN2 18.104.22.168).
Must a PDC of DOMNIN2 at first have a trust account in Samba DOMAIN1?
(Must then also all windows workstations in DOMAIN2 have trust accounts
in Samba DOMAIN1?)
Thanks very much for the hints.
> Dominic wrote:
> > Hi all, thanks for the response about the sync password. I will work
> > and trythe proporsals. There is still another big problem and may be
> > someone has a hint howto solve it: How can I make a Samba PDC trust
> > another windows domain? We have two subnets: One of them is a
> > heterogeneous with Unix/Linux and Windows workstations.One of the
> > Linux Workstation (call it PDC1) is the NIS-Server and is alsothe
> > Samba Domain Controller. Let us call this Domain (NIS and Samba)
> > DOMAIN1 .Unix-NIS accounts and Samba Accounts are identical.Let the
> > Net-IP be 22.214.171.124 Another subnet is a pure windows (NT) domain.
> > Call the domain controller PDC2and the Domain DOMAIN2. Let the Net-IP
> > be 126.96.36.199 Now a lot of users in DOMAIN2 like to log on the
> > Unix-Workstaions in DOMAIN1.The Windows-Machine in DOMAIN2 are used
> > just as Access-Terminals to Unix-Work-stations in DOMAIN1. Because of
> > different departments DOMAIN1 and DOMAIN2cannot be merged to one
> > domain. Consequently windows users from DOMAIN2 liking to log on
> > Unix-DOMAIN1 must havetwo accounts. One in DOMAIN2 just to provide
> > access to the windows machine. Thenanother account in DOMAIN1 for
> > Unix-Access (e.g. via ssh and eXeed). Now this is a doulbe work with
> > all its disavantages. The questionis: How can I make users have only
> > one account in DOMAIN1 but be able to log on DOMAIN2?Can I solve this
> > by making the Samba DOMAIN1 trust the NT DOMAIN2 (and vice versa).How
> > ? (i.e. How can I make the Samba DOMAIN1 trust the NT DOMAIN2?) Thanks
> > a lot for any hint Dominic
Tel.: +49 621 292 6227
Fax.: +49 621 292 6237
eMail: d.lukwata at fh-mannheim.de
More information about the samba-ntdom