inter-domain trust account research
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Mar 12 06:27:10 GMT 1999
OH YEAHH!!! done it. got an nt workstation to set up an inter-domain
trust relationship between nt pdc and samba pdc.
usrmgr | pol | trust | trusted-add:
samba-domain, password is X. to support this on samba side, add an
inter-domain trust account named after the NT PDC's *Domain* name with
password X, ACB_DOMTRUST.
you can expect to receive an SMBsesssetupX on NT_PDC'S_DOMAIN_NAME$ and
you must respond with "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT" error
message.
usrmgr | pol | trust | trusting-add:
samba-domain, password is Y. to support this on samba side, add an
inter-domain trust account named after the NT PDC's *NetBIOS* name with
password Y, ACB_DOMTRUST.
you can expect to receive \PIPE\NETLOGON NetrRequestChallenge;
NetrAuthenticate2 of type 4 sec_channel; NT_PDC_NETBIOS_NAME$ and password
Y is used to generate the session key.
ok, i'll turn this into a real program later on, it's not documented and i
need to update smbpasswd as well. server-side inter-domain trust
relationships can expect to be in cvs main by next week. pass-through
authentication from a workstation to a trusted domain controller, if
necessary, within two.
luke
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
=====================================================================
Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183
Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000
Internet Security Systems, Inc. | ISS Fax : (678) 443-6477
http://www.iss.net/ *Adaptive Network Security for the Enterprise*
ISS Connect - International User Conference - May '99
=====================================================================
More information about the samba-technical
mailing list