[Samba] does 'all trusted domains' work?

unolinuxguru unolinuxguru at olug.org
Thu Mar 13 03:01:29 GMT 2003

Does the 'allow trusted domains' functionality in samba even work?  How is
it intended to work?

I have 2 domains, one run by an NT4 PDC and one run by a Samba PDC.  There
are Win98 clients on both of them.  How can I allow clients from the NT4
domain to access shares on the Samba domain?  Is this possible?  Any
enlightenment would be appreciated... =)

I have read every piece of samba documentation that I can find on this
topic (virtually nil) and still do not have an answer, or even a clear
understanding of what this function is supposed to do.  Can anyone help?

thanks, peace

> I would truly appreciate some help on this, it seems even the simplest
> things are so complicated!?...
> How does one enable samba shares through "allow trusted domains" to
> users of an nt4 domain?  Has anyone else done this?.. (I would hope so)
> see below for what I've tried...
>> I am running a samba pdc on host "debianpdc" for domain "linuxdom" and
>> have set "allow trusted domains = yes" in my [global] smb.conf file...
>> now how do I specify which domains to trust?
>> I would like to trust an NT4 domain "nt4dom" run by the host "nt4pdc"
>> on the same network.
> I just need a general overview of what needs to be done please.  Looking
> at this chart [1] for the process of how authentication to a share is
> done from a user in a seperate 'trusted' domain, I do not know what I am
> missing, this seems it should be simple enough...
> I have an entirely new user "user2" created on the "nt4dom" domain, this
> user is completely unkown to the "linuxdom" domain.  From a Win98
> workstation "user2pc", "user2" can log on fine into "nt4dom" and
> everything works.
> I now want user2 to access a shared drive (//lnxmbrsvr/share, perms
> rwxrwxrwx) on a member server "lnxmbrsvr" in the domain "linuxdom".  I
> have configured "lnxmbrsvr" to have the following pertinent settings in
> it's smb.conf file:
> [global]
> security = domain
> password server = debianpdc
> allow trusted domains = yes
> add user script = ...(it works in the linuxdom domain)
> I have also added a unix+samba machine (trust?) account for the "nt4dom"
> primary domain controller "nt4pdc" and user2's workstation "user2pc" on
> this linux domain member server "lnxmbrsvr".  I have tested and
> reloaded+restarted the debianpdc and lnxmbrsvr samba servers.
> The nt4pdc has also been configured to trust the 'linuxdom' domain.  I
> see no helpful output in the samba logs, what am I possibly missing?
> (When user2 is logged on at user2pc workstation in nt4dom domain and
> tries to access //lnxmbrsvr/share in the linuxdom domain (prompted for
> \\LNXMBRSVR\IPC$) and supplies the password for the nt4dom, it still
> errors "The password is incorrect. Try again.")
> [1] http://samba.linuxbe.org/en/samba/config/domain-1.html#trusted

More information about the samba mailing list