buc at odusz.so-cdu.ru
Mon Oct 16 16:46:55 GMT 2006
Gerald (Jerry) Carter wrote:
>Dmitry Butskoy wrote:
>>"net rpc trustdom" ? But AFAIK AD must be in the "mixed mode"
>>for this, which is (for some reasons) impossible for us.
>Nope. NT4 style trusts with native AD domains as well.
Hmm... It means that my MS AD admins have confused me.
>>Moreover, even for the "two NT domains" case. Consider
>>two NT domains "OLDDOM" and "NEWDOM". A fileserver in
>>NEWDOM trusts OLDDOM. The "NEWDOM\name" is mapped to UNIX
>>user "name" (according to "winbind trusted domains
>>only = yes"). But what user "OLDDOM\name" will be mapped
>>to? (Surely we want it to be mapped to "name" too).
>No. NEWDOM\user and OLDDOM\user are two different
>accounts from Windows (and Samba's) perspective.
>If you want them to map to the same unix user, then
>create a username map
on each file server manually?
Surely I can use ldap, but in general, NSS can be provided by a non-ldap
method too (ypbind etc.)
Well, I don't insist on the additional option here. :) I just have
caused a fileserver to work in two total-independent domains
simultaneously (where one domain knows nothing about other, i.e. "full
virtuality" etc.) I hope it could be useful for someone too, therefore I
wrote about it. Who needs it, can find it now by google search. :)
More information about the samba-technical