[Samba] Samba PDC & Groups & Trust relationships & LDAP
abartlet at samba.org
abartlet at samba.org
Tue Mar 12 21:43:04 GMT 2002
On Tue, Mar 12, 2002 at 04:57:02PM -0800, nate wrote:
> <quote who="Andrew Bartlett">
> > nate wrote:
> >
> >> I established a one way trust
> >> relationship with the local NT4-based domain. It works fine, I
> >> can access network resources and stuff.
> >
> > I'm not sure what you have done here - becouse the code to do this
> > doesn't exist in 2.2.3a... (Its only in recent Samba HEAD CVS
> > checkouts).
>
> i saw another post on how someone did it. what i did was
> what he did, create a machine account, with the name of the other
> PDC, and a machine account of the name of the domain. I used
> the same password on both accounts. I don't know if I only need
> one or the other. Then on the NT box i put the name of the domain
> and the password I set on the machine account. it spit back,
> it could not verify the trust, But the domain and users
> were visible on the NT PDC, I assigned rights to a folder to
> test for a user thats on the other domain and it worked.
> thats as far as I've gone though.
The main work I did on this end was to kill of the 'create 2 accounts'
insainity (by fixing netlogon). So I'm glad to hear the old stuff works, as that level is still unchanged.
The problem you will get is when the trusting domain wants to change its password (every few weeks) Samba 2.2 will not update them both correctly. However, if there is only a PDC it just might work... But its done 'properly' in HEAD.
Andrew Bartlett
More information about the samba
mailing list