[Samba] Samba3 and forest trust
antid0t at yahoo.com
Tue Oct 5 08:07:21 GMT 2004
I have 2 W2K3 forests: forestA.com and forestB.com.
forestB.com has several child domains:
child1.forestB.com, child2.forestB.com, etc...
forestA.com has no children.
There is a 2-way transitive forest trust between the forests.
What I would like is to have Samba3 box in forestA.com to be able to
authenticate users from child domains of forestB.com.
i.e.: user from child1.forestB.com can access samba3box.forestA.com.
I can successfully join samba box to forestA.com AD, but from the logs I see
that winbind does not enumerate the child domains of forestB.com (because it's
a forest and not NTLM trust ?).
As a side note: is there any way to make winbind not to enumerate certain
domains and/or certain users/groups by the means of custom LDAP filter ? We
have a rather large environment and an attempt to enumerate some 50K users
miserably times out.
More information about the samba