net ads join <-> cross realm trust

Miguel Sanders miguelsanders at telenet.be
Tue Aug 14 21:12:22 GMT 2007


Jerry

Could you please clarify this.
So "joining" the MIT realm just means creating a host (which I already have) and cifs service principal.
Now how exactly can Samba access SID data from Active Directory then? (Is it through a user mapping?)

I can't seem to find any information on this matter.

Thanks a lot for your help

Miguel
  ----- Original Message ----- 
  From: Gerald (Jerry) Carter 
  To: Miguel Sanders 
  Cc: samba-technical at lists.samba.org 
  Sent: Friday, August 10, 2007 5:29 AM
  Subject: Re: net ads join <-> cross realm trust



  Miguel Sanders wrote:
  > Jerry
  >  
  > What I would like to see is the following:
  > Now (using net ads join) I can see in kerbtray that a host and cifs
  > service ticket are issued with the following form:
  >     host/FQDN@WINDOWSDOMAIN (in which FQDN is the fully qualified
  > DNS name of the UNIX machine)
  >     cifs/FQDN@WINDOWSDOMAIN
  >  
  > I would like to see that a host/FQDN@MIT and cifs/FQDN@MIT service
  > ticket is issued by the cross realm since our UNIX principals are
  > gathered in the MIT realm.

  Then join the Samba box to your own MIT realm.  Create your own
  keytab file.  But this is not the purpose of 'net ads join' which
  joins the Samba host to the AD domain.  What you want is to
  join the MIT realm.






  cheers, jerry

