Trusted Domains

[Andrew Bartlett]

> "Esh, Andrew" wrote:
> 
> When a Samba 2.2.4 server is in Windows domain which trusts other
> domains, how does the Samba server become aware of the domain
> controller host names for the other domains?

By doing a wins lookup, then a broadcast lookup for the DCs.

> I am using security = domain, and the Windows domain is controlled by
> a Windows NT server which is also running WINS. On the Windows side, I
> can see that the WINS server has static listings for domain
> controllers in each of the trusted domains, and it has the trust
> relationship set up correctly for each domain.
> 
> On the Samba side, I can use "wbinfo -m" to list the names of the
> trusted domains. I can use "nmblookup -U ip_of_main_domain_controller
> -R TRUSTED_HOST_NAME" to look up the IP addresses of the controllers
> for the trusted domains, so WINS is working for the host names. I
> can't look up the domain name and get either a controller host name or
> IP, though. That's my problem. Is there some other way to resolve the
> trusted domain name into an IP address?
> 
> Why do I need to do this? Because until I have the name of each
> trusted domain mapped to an IP address in /etc/lmhosts (or through
> WINS or DNS), wbinfo -g and -u only show local domain groups and user
> names. Samba does not appear to have any way to find controllers for
> the trusted domains.

Yes, you need to have all servers using the same wins server.  

> Am I missing something? Is the Windows domain controller supposed to
> forward my group listing request and show the trusted ones too?

No, you have to find the trusted DC and request them from each.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net