Authentication through Transitive Trusts

Rafal Szczesniak mimir at
Wed Apr 2 20:27:00 GMT 2003

On Tue, Apr 01, 2003 at 10:45:07AM -0500, Ken Cross wrote:
> Samba-folk:
> I have an Active Directory with SUPTRA at the top and 2 other AD
> servers, KAMA and CAMP.
> If Samba joins KAMA, it can authenticate against KAMA and/or SUPTRA, but
> not CAMP.  wbinfo -u shows users from all 3 servers, but wbinfo -m only
> shows SUPTRA.
> KAMA and CAMP have an implicit transitive trust, but I can't seem to get
> Samba to use it.  The authentication request is sent to KAMA, but it
> gets NT_STATUS_NO_SUCH_USER.  (Same results if it joins CAMP and tries
> to authenticate against KAMA.)

Sounds like winbind doesn't map to unix uid, correctly or your ads domain
join didn't work. You use winbind, don't you ?

> Is there some trick to using transitive trusts (SAMBA_3_0)?

Nope. Just make sure you have 'allow trusted domains = yes'. It's set this
way by default.

 Rafal Szczesniak      mimir[at]
 Samba Team member     mimir[at]
 *BSD, GNU/Linux and Samba

More information about the samba-technical mailing list