[Samba] Samba 3, Domain Trusts, Exchange server

Joe Dougherty dougherty at nlmof.navy.mil
Wed Jun 18 21:35:21 GMT 2003

Has anyone come up with a series of steps to successfully set up a trust
with a Windows 2000 domain using AD?

I have a Samba 3beta server set up as the PDC for a new domain (OPS). It's on
the same physical network as the Windows domain (ADMIN).
The W2K domain is an AD-based native domain. On that domain is a member
server running NT4 Server and Exchange 5.5. I need to allow user access from
the OPS domain to mail accounts on the Exchange box in the other domain.

I don't need any kind of AD-like features or compatibility on the new OPS
domain. The Samba server will provide all the Windows functionality
necessary to a handful of clients.

I've followed the recommendations in the beta configuration pdf document,
but it only covers setting the trust up using NT4 User Manager. This won't
work in the ADMIN domain, as the Exchange box is not a DC. I attempted to
use the Domain tool on W2K server, but all I wind up with is a bunch of
cryptic errors.

The two domains can browse one another all day, but when I try to do
specific things that require trusts (i.e., establish connections to the
Exchange server for a mailbox in Outlook), I can't get it done.

Any suggestions or advice would be welcome.

Here's my smb.conf:

# Global parameters
 workgroup = OPS
 netbios name = JAGUAR
 server string = OPS Department Samba DC
 security = user
 passdb backend = smbpasswd,guest
 preferred master = yes
 domain master = yes
 local master = yes
 log level = 2
 log file = /usr/local/samba/var/log.%m
 max log size = 50
 logon path = \\%L\profiles\%U
 logon drive = u:
 domain logons = Yes
 os level = 99
 dns proxy = No
 admin users = smith
 username map = /usr/local/samba/private/username.map
 logon script = login.bat
 passwd program = /usr/bin/passwd %u
 unix password sync = yes
; added 6/16/03
 idmap uid = 10000-15000
 idmap gid = 10000-15000

 read only = No
 browseable = no
 create mask = 0600
 directory mask = 0700

 path = /profiles
 read only = No
 create mask = 0600
 directory mask = 0700
 csc policy = disable

 path = /usr/local/samba/netlogon
 admin users = root
 write list = root @admins

 comment = Shared Files Directory
 path = /home/shared
 read only = no
 create mask = 0600
 directory mask = 0700
 browseable = yes


 comment = Server Storage Directory
 path = /storage
 read only = no
 create mask = 0600
 directory mask = 0700
 browseable = yes
 valid users = @admins
 write list = @admins

