[Samba] auth to two diff PDCs? (success, sort of)

Andrew Bartlett abartlet at samba.org
Tue Oct 29 13:10:10 GMT 2002 

Mike Brodbelt wrote:
> 
> Collins, Kevin wrote:
> > Hi All:
> >
> > Excuse me for butting in here, but I'm planning a migration from WinNT 4
> > to Samba in the near future and this thread has caused me to worry a
> > little.
> >
> > Take the case that I'm planning:  3 Domains each to its own LAN
> > (connected via 128k Frame Relay lines to form a WAN) Each domain
> > currently has a NT 4 PDC and each domain "trusts" each other.  How do I
> > accomplish these "trusts" only using Samba PDCs?
> 
> With difficulty. There are a number of ways to hack round the problem
> which you'll find if you search, but it's not supported functionality ATM.
> 
> > Meaning:  If I rip out the NT Domains, replace the PDCs with Samba PDCs
> > and rebuild new domains (new Domain Names, new NetBIOS names for the
> > PDCs, etc.)  How do I get the three domains to once again trust each
> > other?  Is there a Samba command to do this?
> 
> Not at present. The current release branch of Samba (2.2.x) does not
> support trust relationships between domains. Samba 3.x will support this
> functionality, and I believe the code is already in CVS to do it.
> 
> You could get an alpha of Samba 3.x, or a CVS checkout, and try to make
> it work with that. If I were you, I think I'd try this, but run 2 copies
> of Samba on each server, 3.x alpha for the PDC aspect, and 2.2.x for the
> actual file/print serving. You can bind two IP's to the NIC in your
> machines, and run 3.x on one IP, and 2.2 on the other.

The file & print part of Samba 3.0 is it's most stable part, so you
don't gain much by this.  However, the domain trusts stuff basicly
doesn't yet function - we still need to work on some details.  Now if
you want to help us with that... :-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list