s4-11 interdomain trusts

simo idra at samba.org
Wed Mar 10 11:55:14 MST 2010


On Wed, 2010-03-10 at 10:32 -0800, Matthew Geddes wrote:
> What do you think the right approach is and how far through it have you made
> it?
> 
> It looks like we can make calls to an S3 winbindd in S4, but S3 winbindd
> isn't going to know about the trust credentials and attributes we have.
> 
> We can act as a domain member, right? So we can generate calls ourselves.
> I'm not sure what would be involved in doing the translation between
> incoming and outgoing calls. Any ideas or suggestions?
> 
> Thanks for the quick response.

I haven't yet attacked the problem, as a client samba 4 lacks a lot of
stuff and that is a pre-requisite to be able to connect to another DC to
do any operation, whether you are a DC forwarding requests for trusted
realms or a mere member server, in this case the code is almost the
same. The only difference is where you look for the secrets to use with
the peer.

Simo.


-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>



More information about the samba-technical mailing list