design for storing trusted domain passwords in ldap
Love Hörnquist Åstrand
lha at kth.se
Thu Jan 18 09:06:07 GMT 2007
18 jan 2007 kl. 01.17 skrev Rafal Szczesniak:
> On Thu, Jan 18, 2007 at 12:49:18AM +0100, Love H?rnquist ?strand
> wrote:
>>> ADS trusts are bidirectional, not NT.
>>
>> The "trusts" in Kerberos a uni directional, you add
>> two trusts to make them bi-directional but its up to the
>> administrator.
>
> That's interesting, because that would mean the ADS controller
> creates the trust as bidirectional automatically.
Are we talking about the same thing. My w2k3server have
the concept of "incoming" and "outgoing" trusts, at least
when talking to kerberos realms.
I've never set up trust between two domains before, so I don't
know how that works.
Love
More information about the samba-technical
mailing list