[Samba] Re: Trusted domains with ldapsam_compat in samba 3

D.R.Barker at exeter.ac.uk D.R.Barker at exeter.ac.uk
Mon May 23 00:04:03 GMT 2005

For the benefit of Google, and other's that may browse the list archive 
some day.

It turns out the the interdomain trust account is exactly the same as a 
machine account, but the account flags has I set instead of M (i.e  [I    
     ]) . Although not explicitly stated, this is implied in the 
documentation - I'll try to read more carefully in future.  ;-)

As it turns out, setting up the domain trust isn't really going to be 
much help for our department - our PDC can't list out the 22,000+ 
accounts quickly enough, so windows times out before ever showing a 
helpful list of users to work with. Does anyone know if ldapsam is much 
quicker than ldapsam_compat, or better yet, when samba 4 is going to be 
released? Delegation of admin on OU's would make this easier :D

David Barker wrote:

> Hi all :-)
> We are currently hosting a SAMBA domain that provides login & file 
serving for public clusters around the university campus. We are using 
Samba 3.0.10, with an LDAP server that uses a samba 2.x schema.
> A department would now like to trust our domain for authentication,  and
use their own domain to administer their windows boxes. Will we be  able
to create a domain trust account in our ldap server with our  samba 2
schema? And if so, does anyone have a sample ldif I could use  to
manually create the account directly in the ldap server?
> --
> David Barker
> University of Exeter IT Services

More information about the samba mailing list