[Samba] Samba3 and forest trust

Guy Teverovsky antid0t at yahoo.com
Tue Oct 5 08:07:21 GMT 2004

I have 2 W2K3 forests: forestA.com and forestB.com.
forestB.com has several child domains:
child1.forestB.com, child2.forestB.com, etc...
forestA.com has no children.
There is a 2-way transitive forest trust between the forests.

What I would like is to have Samba3 box in forestA.com to be able to 
authenticate users from child domains of forestB.com.
i.e.: user from child1.forestB.com can access samba3box.forestA.com.

I can successfully join samba box to forestA.com AD, but from the logs I see 
that winbind does not enumerate the child domains of forestB.com (because it's 
a forest and not NTLM trust ?).

As a side note: is there any way to make winbind not to enumerate certain 
domains and/or certain users/groups by the means of custom LDAP filter ? We 
have a rather large environment and an attempt to enumerate some 50K users 
miserably times out.

More information about the samba mailing list