[Samba] At 4 a.m. it finally worked...Samba 3, interdomain trust, ldap, winbind

Carl J. Hilinski carl at hilinski.net
Mon Nov 24 03:35:58 GMT 2003


I spent a solid two weeks trying to make a RH 9 with Samba 3 PDC operate the
way I wanted it to in a domain that includes an NT 4.0 PDC. Early this
morning, the NT user dogbreath belonging to the NT group mongrels was able
to log into the NT PDC, map to the big_ugly_dogs share on the Samba machine,
copy a file there, open it in OpenOffice 1.1.0, edit it, save it and then
delete it. All of this was done because I finally got things configured
correctly to make it all work.

Along the way, I read so much stuff at such odd hours. Without the help of
others, this could never have been accomplished. A how-to by Carl Weiss was
critical. So was the info from Ignacio Coupeau and the official Samba 3.0
documentation.

So now I have two PDCs (one NT4 and one Samba 3 on Linux) that trust each
other. Therefore, a user in one domain has access to shares and resources in
the other by virtue of that trust. And it's a single sign on because winbind
knows the users and groups from each of the domains. The use of OpenLDAP
will allow me to take the next step, which is adding a samba BDC to the
network.

There is still a lot of testing to be done before I am comfortable enough to
let "real users" onto the machines. There are things I still don't
understand.

I did spend the time to write up documentation on how to do this (I
shouldn't say I wrote it...I took a lot of bits and pieces from various
sources and compiled it all into one document). If anyone is interested,
check out the stuff at http://www.hilinski.net/samba . The documentation is
there, along with the configuration files I used.
