[Samba] Cross Realm Support

Wachdorf, Daniel R drwachd at sandia.gov
Mon Oct 27 23:14:00 GMT 2003

I am doing some testing in Samba 3.0.  I am using security=ADS.

I am wondering if Samba has any support for cross-realm trust.

For example, I have one AD forest SANDIA.GOV that has trust with
SANDIA2.GOV.  I have the Samba server on linux.sandia2.gov.  I have a local
user account on linux.sandia2.gov called user.  When I log into a win2k
client as SANDIA2.GOV/user and connect, it works fine.  When I log on to a
win2k box in SANDIA.GOV with the account SANDIA.GOV/user I can't connect.  
The log file displays:
	Username SANDIA.GOV\user is invalid on this system.

I am obtaining all the necessary Kerberos tickets.

Is there a way to map users from a trusted realm into a local account?


Daniel Wachdorf
drwachd at sandia.gov
Sandia National Laboratories
System Security Research and Integration

More information about the samba mailing list