[Samba] Samba 2.0.9 + NT 4.0 multiple domains

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Wed Feb 6 12:20:41 GMT 2002

Hi Martin,
You need to JOIN the domain where the majority of your user accounts are,
NOT the dept domain where the resources are, and then point your 
password server= line to the pdc of that domain.
That way, when your dept users try to attach to a samba share, the samba
server will request authentication of that user to the pdc of whichever
locX domain you have joined, and it should be able to authenticate that 
Hope this helps,

-----Original Message-----
From: Martin Schretzmeier [mailto:mod at aon.at]
Sent: Wednesday, February 06, 2002 2:44 PM
To: samba at lists.samba.org
Subject: [Samba] Samba 2.0.9 + NT 4.0 multiple domains


I've problems to setup samba 2.0.9 ( originally it's HP CIFS/9000, but
that's using 2.0.9 as basis).
They problem is the current NT-Domain-Structure, because thats a very
difficult setup. I try to explain

We have 4 Logon-Domains where the users resides. One domain per location, so
lets call the domain
LOC1 to LOC4. Then we have more Resource-Domains, one for each department,
so lets call them
DEP1 and DEP2. The 4 Logon-Domains are fully trusted to each other ... but
the resource-domains
only trust to the Logon-Domains.

The samba-server is located in domain DEP1. We have created a
Machine-Account on the PDC and
the smbpasswd-command to join the domain worked.

Some samba-parameters:
password server = LOC1-PDC LOC2-PDC LOC3-PDC LOC4-PDC

I know that this is not like it should be, but the PDC from the DEP1-Domain
would reject the authentication
anyway because it doesn't have any users and it does not forwarding or
something. So I tried it with the
Logon-domain-pdcs. The PDCs are answering "NO_TRUSTED_SAM_ACCOUNT", which
isn't what I

I have no idea if that could work with samba, but I know that the same
schema is working with ASU/9000
which was the hp-product before CIFS.Also I don't know what more information
to provide, even I don't
have to deep NT-knowlegde. But maybe somebody has any idea or wants more
information. Any input/help
is welcome.


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list