Trusted Domains
Andrew Bartlett
abartlet at samba.org
Mon Jun 17 20:10:02 GMT 2002
> "Esh, Andrew" wrote:
>
> When a Samba 2.2.4 server is in Windows domain which trusts other
> domains, how does the Samba server become aware of the domain
> controller host names for the other domains?
By doing a wins lookup, then a broadcast lookup for the DCs.
> I am using security = domain, and the Windows domain is controlled by
> a Windows NT server which is also running WINS. On the Windows side, I
> can see that the WINS server has static listings for domain
> controllers in each of the trusted domains, and it has the trust
> relationship set up correctly for each domain.
>
> On the Samba side, I can use "wbinfo -m" to list the names of the
> trusted domains. I can use "nmblookup -U ip_of_main_domain_controller
> -R TRUSTED_HOST_NAME" to look up the IP addresses of the controllers
> for the trusted domains, so WINS is working for the host names. I
> can't look up the domain name and get either a controller host name or
> IP, though. That's my problem. Is there some other way to resolve the
> trusted domain name into an IP address?
>
> Why do I need to do this? Because until I have the name of each
> trusted domain mapped to an IP address in /etc/lmhosts (or through
> WINS or DNS), wbinfo -g and -u only show local domain groups and user
> names. Samba does not appear to have any way to find controllers for
> the trusted domains.
Yes, you need to have all servers using the same wins server.
> Am I missing something? Is the Windows domain controller supposed to
> forward my group listing request and show the trusted ones too?
No, you have to find the trusted DC and request them from each.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list