Trust status

Stefan (metze) Metzmacher metze at samba.org
Wed Dec 3 21:13:47 GMT 2008


>> what's the status of trust support in samba4?
> 
> Very poor.  This is my next task, once I get the extended DN work in. 
> 
>> Can NT4 trust us?
> 
> Probably. 
> 
>> Can we trust NT4?
> 
> No.
> 
>> Can an AD-Forest trust us using krb5?
> 
> We have some of the KDC parts done (as Heimdal has cross-realm already),
> but in setting up the trust windows asks us to use a LSA Op that we
> don't yet implement. 
> 
>> Can we trust an AD-Forest using krb5?
> 
> Similarly, this should be the next task. 
> 
>> Can an AD-Forest trust us using ntlmssp?

Isn't this similar to the NT4 trusts us case?

>> Can we trust an AD-Forest using ntlmssp?
>
> Both of these require more work with winbind and creating a 
> map of the full transitive set of trusts.

Can you describe how that should in theory work?
I mean the logic of creating this map and what we need to do.

I'm just interested in one domain in each forest currently...

>> Can Samba3 trust us? (With the extended dn fixes applied)
> 
> I hope to have this working soon. 

Both as workstation and domain trust?

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20081203/c64b0a4d/signature.bin


More information about the samba-technical mailing list