design for storing trusted domain passwords in ldap

Love Hörnquist Åstrand lha at kth.se
Thu Jan 18 09:06:07 GMT 2007


18 jan 2007 kl. 01.17 skrev Rafal Szczesniak:

> On Thu, Jan 18, 2007 at 12:49:18AM +0100, Love H?rnquist ?strand  
> wrote:
>>> ADS trusts are bidirectional, not NT.
>>
>> The "trusts" in Kerberos a uni directional, you add
>> two trusts to make them bi-directional but its up to the
>> administrator.
>
> That's interesting, because that would mean the ADS controller
> creates the trust as bidirectional automatically.

Are we talking about the same thing. My w2k3server have
the concept of "incoming" and "outgoing" trusts, at least
when talking to kerberos realms.

I've never set up trust between two domains before, so I don't
know how that works.

Love




More information about the samba-technical mailing list