Dmitry Butskoy buc at
Mon Oct 16 13:24:29 GMT 2006

Volker Lendecke wrote:

>On Thu, Oct 12, 2006 at 07:55:17PM +0400, Dmitry Butskoy wrote:
>>Say again: When NSS-winbind is not used, the server can be in several 
>>domains simultaneously! It could be very useful for users in UNIX-based 
>Again: Please use trusts for this. Samba can perfectly well
>trust a W2k3 current patches domain and the other way round
>as well. If this does not work, we have a but we are going
>to fix.

"net rpc trustdom" ?  But AFAIK AD must be in the "mixed mode" for this, 
which is (for some reasons) impossible for us.  And "net ads trustdom" 
still not implemented... ;)

Moreover, even for the "two NT domains" case. Consider two NT domains 
"OLDDOM" and "NEWDOM". A fileserver in NEWDOM trusts OLDDOM.
The "NEWDOM\name" is mapped to UNIX user "name" (according to "winbind 
trusted domains only = yes"). But what user "OLDDOM\name" will be mapped 
to?  (Surely we want it to be mapped to "name" too).


More information about the samba-technical mailing list