[Samba] auth to two diff PDCs? (success, sort of)

Mike Brodbelt m.brodbelt at acu.ac.uk
Tue Oct 29 13:02:32 GMT 2002

Collins, Kevin wrote:
> Hi All:
> Excuse me for butting in here, but I'm planning a migration from WinNT 4
> to Samba in the near future and this thread has caused me to worry a
> little.
> Take the case that I'm planning:  3 Domains each to its own LAN
> (connected via 128k Frame Relay lines to form a WAN) Each domain
> currently has a NT 4 PDC and each domain "trusts" each other.  How do I
> accomplish these "trusts" only using Samba PDCs?

With difficulty. There are a number of ways to hack round the problem
which you'll find if you search, but it's not supported functionality ATM.

> Meaning:  If I rip out the NT Domains, replace the PDCs with Samba PDCs
> and rebuild new domains (new Domain Names, new NetBIOS names for the
> PDCs, etc.)  How do I get the three domains to once again trust each
> other?  Is there a Samba command to do this?

Not at present. The current release branch of Samba (2.2.x) does not
support trust relationships between domains. Samba 3.x will support this
functionality, and I believe the code is already in CVS to do it.

You could get an alpha of Samba 3.x, or a CVS checkout, and try to make
it work with that. If I were you, I think I'd try this, but run 2 copies
of Samba on each server, 3.x alpha for the PDC aspect, and 2.2.x for the
actual file/print serving. You can bind two IP's to the NIC in your
machines, and run 3.x on one IP, and 2.2 on the other.


More information about the samba-technical mailing list