Dmitry Butskoy buc at
Mon Oct 16 16:46:55 GMT 2006

Gerald (Jerry) Carter wrote:

>Dmitry Butskoy wrote:
>>"net rpc trustdom" ?  But AFAIK AD must be in the "mixed mode" 
>>for this, which is (for some reasons) impossible for us.
>Nope.  NT4 style trusts with native AD domains as well.
Hmm... It means that my MS AD admins have confused me.

>>Moreover, even for the "two NT domains" case. Consider 
>>two NT domains "OLDDOM" and "NEWDOM". A fileserver in
>>NEWDOM trusts OLDDOM. The "NEWDOM\name" is mapped to UNIX
>>user "name" (according to "winbind trusted domains
>>only = yes"). But what user "OLDDOM\name" will be mapped
>>to?  (Surely we want it to be mapped to "name" too).
>No.  NEWDOM\user and OLDDOM\user are two different
>accounts from Windows (and Samba's) perspective.
>If you want them to map to the same unix user, then
>create a username map
on each file server manually?
Surely I can use ldap, but in general, NSS can be provided by a non-ldap 
method too (ypbind etc.)

Well, I don't insist on the additional option here. :) I just have 
caused a fileserver to work in two total-independent domains 
simultaneously (where one domain knows nothing about other, i.e. "full 
virtuality" etc.) I hope it could be useful for someone too, therefore I 
wrote about it. Who needs it, can find it now by google search. :)


More information about the samba-technical mailing list