Trusted Domains

Andrew Bartlett abartlet at
Mon Jun 17 20:10:02 GMT 2002

> "Esh, Andrew" wrote:
> When a Samba 2.2.4 server is in Windows domain which trusts other
> domains, how does the Samba server become aware of the domain
> controller host names for the other domains?

By doing a wins lookup, then a broadcast lookup for the DCs.

> I am using security = domain, and the Windows domain is controlled by
> a Windows NT server which is also running WINS. On the Windows side, I
> can see that the WINS server has static listings for domain
> controllers in each of the trusted domains, and it has the trust
> relationship set up correctly for each domain.
> On the Samba side, I can use "wbinfo -m" to list the names of the
> trusted domains. I can use "nmblookup -U ip_of_main_domain_controller
> -R TRUSTED_HOST_NAME" to look up the IP addresses of the controllers
> for the trusted domains, so WINS is working for the host names. I
> can't look up the domain name and get either a controller host name or
> IP, though. That's my problem. Is there some other way to resolve the
> trusted domain name into an IP address?
> Why do I need to do this? Because until I have the name of each
> trusted domain mapped to an IP address in /etc/lmhosts (or through
> WINS or DNS), wbinfo -g and -u only show local domain groups and user
> names. Samba does not appear to have any way to find controllers for
> the trusted domains.

Yes, you need to have all servers using the same wins server.  

> Am I missing something? Is the Windows domain controller supposed to
> forward my group listing request and show the trusted ones too?

No, you have to find the trusted DC and request them from each.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list