samba to trust another windows domain

Lukwata Dominic lukwata at
Fri Sep 28 02:22:02 GMT 2001


> This is from Roman Kozello--------------------->
> Make sure you set up 'domain admin users' in smb.conf. Mapping this
> account to root in smbusers file and adding a user root to smbpasswd may
> also be necessary.

Sorry for silly sounding questions. I had to deal with Samba for
the first time since two weeks ago:

Would you please give an example of the "domain admin users" line.
How can this account be mapped to root and where is the smbusers file?

> However, creating machine trust account through Windows Net->Properties
> leads to disabled account.
> Enable it with webmin or look at smbpasswd file - remove letter D at the
> right side of appropriate string.

Where to get webmin? I have tried to execute webmin but it is not known.
(the letter D was possibly inserted by a mail program)

> Then, close Net->Properties applets window and join domain again without
> creating an account. You should go.
> Or, better, create <machine_name$> Unix account with no shell, no home,
> no password...
> And # smbpasswd -a -m <machine_name>
> Join domain without creating trust account from Win side.

A trust account for a windows workstation in DOMAIN2 (not PDC)
was created in Samba DOMAIN1. But from DOMAIN2 the workstation
could not access DOMAIN1 (maybe because they are different
subnets: DOMAIN1 and DOMAIN2).

Must a PDC of DOMAIN2 at first have a trust account in Samba DOMAIN1?
(Must then also all windows workstations in DOMAIN2 have trust accounts
in Samba DOMAIN1?) 

Thanks very much for the hints.


> Dominic wrote:
> > Hi all, thanks for the response about the sync password. I will work
> > and try the proposals. There is still another big problem and maybe
> > someone has a hint how to solve it: How can I make a Samba PDC trust
> > another windows domain? We have two subnets: One of them is
> > heterogeneous with Unix/Linux and Windows workstations. One of the
> > Linux Workstations (call it PDC1) is the NIS-Server and is also the
> > Samba Domain Controller. Let us call this Domain (NIS and Samba)
> > DOMAIN1. Unix-NIS accounts and Samba Accounts are identical. Let the
> > Net-IP be Another subnet is a pure windows (NT) domain.
> > Call the domain controller PDC2 and the Domain DOMAIN2. Let the Net-IP
> > be Now a lot of users in DOMAIN2 like to log on the
> > Unix-Workstations in DOMAIN1. The Windows-Machines in DOMAIN2 are used
> > just as Access-Terminals to Unix-Workstations in DOMAIN1. Because of
> > different departments DOMAIN1 and DOMAIN2 cannot be merged to one
> > domain. Consequently windows users from DOMAIN2 liking to log on
> > Unix-DOMAIN1 must have two accounts. One in DOMAIN2 just to provide
> > access to the windows machine. Then another account in DOMAIN1 for
> > Unix-Access (e.g. via ssh and eXeed). Now this is double work with
> > all its disadvantages. The question is: How can I make users have only
> > one account in DOMAIN1 but be able to log on DOMAIN2? Can I solve this
> > by making the Samba DOMAIN1 trust the NT DOMAIN2 (and vice versa)? How?
> > (i.e. How can I make the Samba DOMAIN1 trust the NT DOMAIN2?) Thanks
> > a lot for any hint Dominic

Dominic Lukwata
FH Mannheim
Windeckstrasse 110
D-68163 Mannheim

Tel.: +49 621 292 6227
Fax.: +49 621 292 6237
eMail: d.lukwata at

More information about the samba-ntdom mailing list