Trust status

Stefan (metze) Metzmacher metze at
Wed Dec 3 21:13:47 GMT 2008

>> what's the status of trust support in samba4?
> Very poor.  This is my next task, once I get the extended DN work in. 
>> Can NT4 trust us?
> Probably. 
>> Can we trust NT4?
> No.
>> Can an AD-Forest trust us using krb5?
> We have some of the KDC parts done (as Heimdal has cross-realm already),
> but in setting up the trust windows asks us to use a LSA Op that we
> don't yet implement. 
>> Can we trust an AD-Forest using krb5?
> Similarly, this should be the next task. 
>> Can an AD-Forest trust us using ntlmssp?

Isn't this similar to the NT4 trusts us case?

>> Can we trust an AD-Forest using ntlmssp?
> Both of these require more work with winbind and creating a 
> map of the full transitive set of trusts.

Can you describe how that should in theory work?
I mean the logic of creating this map and what we need to do.

I'm just interested in one domain in each forest currently...

>> Can Samba3 trust us? (With the extended dn fixes applied)
> I hope to have this working soon. 

Both as workstation and domain trust?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url :

More information about the samba-technical mailing list