Trust status

Andrew Bartlett abartlet at
Wed Dec 3 20:53:29 GMT 2008

On Wed, 2008-12-03 at 13:40 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> what's the status of trust support in samba4?

Very poor.  This is my next task, once I get the extended DN work in. 

> Can NT4 trust us?


> Can we trust NT4?


> Can an AD-Forest trust us using krb5?

We have some of the KDC parts done (as Heimdal has cross-realm already),
but in setting up the trust windows asks us to use a LSA Op that we
don't yet implement. 

> Can we trust an AD-Forest using krb5?

Similarly, this should be the next task. 

> Can an AD-Forest trust us using ntlmssp?
> Can we trust an AD-Forest using ntlmssp?

Both of these require more work with winbind and creating a 
map of the full transitive set of trusts.

> Can Samba3 trust us? (With the extended dn fixes applied)

I hope to have this working soon. 

> Can we trust Samba3?


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list