Trust status
Stefan (metze) Metzmacher
metze at samba.org
Wed Dec 3 21:13:47 GMT 2008
>> what's the status of trust support in samba4?
>
> Very poor. This is my next task, once I get the extended DN work in.
>
>> Can NT4 trust us?
>
> Probably.
>
>> Can we trust NT4?
>
> No.
>
>> Can an AD-Forest trust us using krb5?
>
> We have some of the KDC parts done (as Heimdal has cross-realm already),
> but in setting up the trust windows asks us to use a LSA Op that we
> don't yet implement.
>
>> Can we trust an AD-Forest using krb5?
>
> Similarly, this should be the next task.
>
>> Can an AD-Forest trust us using ntlmssp?
Isn't this similar to the NT4 trusts us case?
>> Can we trust an AD-Forest using ntlmssp?
>
> Both of these require more work with winbind and creating a
> map of the full transitive set of trusts.
Can you describe how that should in theory work?
I mean the logic of creating this map and what we need to do.
I'm just interested in one domain in each forest currently...
>> Can Samba3 trust us? (With the extended dn fixes applied)
>
> I hope to have this working soon.
Both as workstation and domain trust?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20081203/c64b0a4d/signature.bin
More information about the samba-technical
mailing list