[Samba] Trust Domains ...

C.Lee Taylor leet at leenx.co.za
Thu Jun 6 11:20:04 GMT 2002

 image moved   "C.Lee Taylor" <leet at leenx.co.za>                  
 to file:      06/06/2002 01:54 PM                                

Greetings ...

     After a little research (somebody did a bit or work ;-O ) with google and
the replies to my questions, this what I think I understand and will test
very soon ( Hope not to make an ass of myself. )

Andrew Bartlett wrote:
> Samba 2.2 supports being trusted by NT.  Its a bit odd, and mainly works
> due to the fact that domain logons and interdomain logons are almost
> exactly the same.  Not 'supported', and only works for NT domains with
> just a PDC.
     Okay, I asked this question before, but got no responce, so I am going to
ask again, but this time with a little more details from my side.

     NT4sp6 PDC with Exchange 5.5sp4 host the mail ( and other resouces ) for my
Linux domain.  I wish to setup a Trust domain.

     If I understand this correctly, the NT4 domain needs to trust my Samba

     Now according to http://mordor.clayton.edu/samba-tng/tng-pdc-trust.html as
my reference, I will need to setup a machine account for the DOMAIN, PDC
and each of the BDC's and then in the User Manager setup the trust

     This feel like I am missing something, because when a machine joins the
domain, it normally needs root password ( which I don't wish to give to NT4
Admin ) and now I don't see any password been setup here ... it just does
not seem secure.  If I set my root password to something easy for the trust
setup and make it secure afterwards would that not break the trust ...

     As I said, it feel like I am missing something.  I have a funny feeling
my Samba server should join the NT4 domain, but then I don't see anything
that says I have too.  What should the security option set too, because I
have see a few errors in one of my domains that have a LDAP SAM, which I
had to change the option until the errors went away without kill my
network.  Once I get this right, I will get a friend to help document what
I have done, maybe it could be tha basis for mini-howto or something. This
all seems like too much.

     Thanks for all the help everybody has given me.


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic01468.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20020606/0a06562a/pic01468.obj

More information about the samba mailing list