How do I set up trust relationships in SAMBA

Jeremy Allison jeremy at
Sat Dec 11 01:26:14 GMT 1999

Rob Tanner wrote:
> Be nice -- I'm a SAMBA newbie, but at least I've got the O'Reilly book!!
> We want to use a SAMBA server to provide user accounts for a print
> charge-back system in our public student labs.  Since this amounts to
> several thousand accounts which are already managed and current on our
> e-mail server, we don't want to try to replicate them and keep them
> synchronized on the NT PDC.  For a variety of reasons, we don't want the
> SAMBA server to act as the PDC for that domain either.
> According to our NT guru, the solution is to set up a trust relationship
> between the SAMBA server and the PDC for the domain providing services to
> the student labs.  O'Reilly mentions nothing about trust relationships in
> the index, and thumbing through has yet to yield results.  This is
> supposedly a common practice thing in the NT domain world.  Can it be done
> with SAMBA?

You don't need a trust account or even a Samba PDC to do this. So
long as the account names are the same in the UNIX /etc/passwd and
NT SAM databases then just put the Samba server into
the NT Domain (see the Samba docs for details) and then
set up the Samba server in 'security=domain' code and
point the 'password server =' line at the PDC/BDC's.

Remember, Samba knows nothing about 'remote domain' accounts,
because UNIX knows nothing about such things. So you cannot
say to Samba 'allow user DOM1\FRED' access on this box as
that user has no meaning or existance on the UNIX box unless
it can be mapped to some existing UNIX user (say, 'fred').


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba mailing list