s4-11 interdomain trusts

Matthew Geddes musicalcarrion at gmail.com
Wed Mar 10 11:10:39 MST 2010


Hi,

I've been poking about a little with interdomain trusts with Samba 4 alpha
11 with some success. I found a couple of problems that I'll send patches
for soon, but I have Windows Server 2003 forming a one-way trust with Samba
4 where we trust the Windows domain and it doesn't trust us (i.e. netdom
trust samba /domain:windows). A Samba 3 member of that domain calling
LsaEnumTrusts will get back a list of trusted domains, as does calling the
RPC directly using rpcclient.

The issue I'm currently hitting is that when a client from the Windows
domain hits the Samba 3 server (member of the S4 domain) and uses credentials
from the Windows domain, the Samba 3 server makes a netrLogonSamLogon call
against Samba 4, which barfs because it's not one of its local domains (true
enough). I'm guessing Samba 4 needs to send the Windows DC a
netrLogonSamLogon in that case and return the response it gets back to the
Samba 3 host.

Has anyone else been looking into this particular part of the trust chain?
Does anyone have any guidance about the best place to implement it in S4 (as
a separate auth backend? in the rpc server? In s4 winbindd?)? I couldn't see
anything in git master that looked like it did what I'm looking for -- did I
miss it?

Thanks in advance.

thx,
Matt
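The routing decision the post describes (handle locally, pass through to the trusted DC, or reject), as an added illustration that is not Samba code and not part of the original message. The `Trust` record, `route_samlogon` and the topology below are constructed assumptions; they model the one-way trust from the post (Samba trusts WINDOWS, WINDOWS does not trust Samba) so that only an outbound trust causes a pass-through.

```python
"""Model of the pass-through decision a DC must make when a member server
sends it a NetrLogonSamLogon for credentials from another domain.
Constructed illustration, not Samba code; all names are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    domain: str      # name of the other domain
    dc: str          # DC we would forward the logon to
    outbound: bool   # True: we trust them (their users may use our resources)
    inbound: bool    # True: they trust us (our users may use their resources)


def split_logon_name(name: str) -> tuple[str, str]:
    """Accept DOMAIN\\user and user@domain; return (DOMAIN, user)."""
    if "\\" in name:
        dom, user = name.split("\\", 1)
    elif "@" in name:
        user, dom = name.rsplit("@", 1)
    else:
        raise ValueError("logon name carries no domain: %r" % name)
    return dom.upper(), user


def route_samlogon(name: str, local_domains: set[str], trusts: list[Trust]) -> tuple[str, str]:
    """Decide how this DC handles the SamLogon.
    Returns ('local', domain), ('forward', dc) or ('reject', reason)."""
    dom, _ = split_logon_name(name)
    if dom in {d.upper() for d in local_domains}:
        return ("local", dom)
    for t in trusts:
        if t.domain.upper() == dom:
            # Only an outbound trust lets their users authenticate to our
            # resources; an inbound-only trust must never trigger a pass-through.
            if t.outbound:
                return ("forward", t.dc)
            return ("reject", "trust to %s is inbound-only" % t.domain)
    return ("reject", "no such domain %s" % dom)


if __name__ == "__main__":
    # Constructed topology mirroring the post: we trust WINDOWS, it does not trust us.
    local = {"SAMBA"}
    trusts = [Trust("WINDOWS", "windc.windows.example", outbound=True, inbound=False)]
    print(route_samlogon("WINDOWS\\alice", local, trusts))  # ('forward', 'windc.windows.example')
    print(route_samlogon("bob@samba", local, trusts))       # ('local', 'SAMBA')
    print(route_samlogon("OTHER\\eve", local, trusts))      # ('reject', 'no such domain OTHER')
```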

