[Samba] Trust Domains ...

C.Lee Taylor leet at leenx.co.za
Thu Jun 6 10:58:31 GMT 2002


Greetings ...

	After a little research (somebody did a bit or work ;-O ) with google and 
the replies to my questions, this what I think I understand and will test 
very soon ( Hope not to make an ass of myself. )

Andrew Bartlett wrote:
> Samba 2.2 supports being trusted by NT.  Its a bit odd, and mainly works
> due to the fact that domain logons and interdomain logons are almost
> exactly the same.  Not 'supported', and only works for NT domains with
> just a PDC.
	Okay, I asked this question before, but got no responce, so I am going to 
ask again, but this time with a little more details from my side.

	NT4sp6 PDC with Exchange 5.5sp4 host the mail ( and other resouces ) for my 
Linux domain.  I wish to setup a Trust domain.

	If I understand this correctly, the NT4 domain needs to trust my Samba domain.

	Now according to http://mordor.clayton.edu/samba-tng/tng-pdc-trust.html as 
my reference, I will need to setup a machine account for the DOMAIN, PDC 
and each of the BDC's and then in the User Manager setup the trust 
relationship.

	This feel like I am missing something, because when a machine joins the 
domain, it normally needs root password ( which I don't wish to give to NT4 
Admin ) and now I don't see any password been setup here ... it just does 
not seem secure.  If I set my root password to something easy for the trust 
setup and make it secure afterwards would that not break the trust ...

	As I said, it feel like I am missing something.  I have a funny feeling that 
my Samba server should join the NT4 domain, but then I don't see anything 
that says I have too.  What should the security option set too, because I 
have see a few errors in one of my domains that have a LDAP SAM, which I 
had to change the option until the errors went away without kill my 
network.  Once I get this right, I will get a friend to help document what 
I have done, maybe it could be tha basis for mini-howto or something. This 
all seems like too much.

	Thanks for all the help everybody has given me.

Mailed
Lee





More information about the samba mailing list