Authentication through transitive trusts

Ken Cross kcross at
Mon Jul 14 18:03:04 GMT 2003


I'm having trouble authenticating through transitive trusts other than
parent-child configurations.

I have an Active Directory with SUPTRA at the top and 2 other AD servers,
KAMA and CAMP, so KAMA and CAMP have an implicit transitive trust.

1. If Samba joins SUPTRA (the top), it can authenticate against any domain.

2. If Samba joins KAMA, it can authenticate against KAMA and/or SUPTRA, but
not CAMP.  wbinfo -u shows users from all 3 servers, but wbinfo -m only
shows SUPTRA.

If I set up an explicit 2-way trust between KAMA and CAMP, everything
authenticates OK.  That's not practical in larger enterprises, though.

Is there some trick to using transitive trusts (SAMBA_3_0)?


Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at 

More information about the samba-technical mailing list