Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Oct 16 19:04:03 GMT 2006

On Mon, Oct 16, 2006 at 05:24:29PM +0400, Dmitry Butskoy wrote:
> "net rpc trustdom" ?  But AFAIK AD must be in the "mixed mode" for this, 

AFAIK (just tested....) that assumption is wrong. Did you
try it?

> Moreover, even for the "two NT domains" case. Consider two NT domains 
> "OLDDOM" and "NEWDOM". A fileserver in NEWDOM trusts OLDDOM.
> The "NEWDOM\name" is mapped to UNIX user "name" (according to "winbind 
> trusted domains only = yes"). But what user "OLDDOM\name" will be mapped 
> to?  (Surely we want it to be mapped to "name" too).

If this is a migration scenario, there is no way around
eventually migrating the ACLs. With Windows you have the
chance to use the sidHistory feature, but this is not
available with NT4. So sooner or later you will have to go
through your file system and reassign the ACLs.

Maybe the 'username map' feature might help you here for the
transition period.
