[Samba] Re: problems trusting a w2003 domain server from samba 3

Gianluca Cecchi gianluca.cecchi at gmail.com
Fri Aug 11 16:04:57 GMT 2006 

It seems that I didn't understand quite well the concepts of trusting
and trusted... :-(

Watching deeper the documents at
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
and
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbb_act_kxlx.mspx?mfr=true
and
http://support.microsoft.com/default.aspx?scid=kb;en-us;325874

I understood that I had to establish the opposite of what I was trying to do...
So, the configuration should be supported also without winbind on samba part.
And infact I successfully created on samba server the inter domain trust account
and then on w2003 I successfully created the OUTGOING trust for SAMBA domain.
At the end I disabled the sid history for the users (i don't know if
it is correct…) with the command:

netdom trust W2003 /domain:SAMBA /quarantine:No /userO:admin_user
/passwordo:admin_user_password

MySamba users can now be granted access to resources in the AD domain.
Infact if I create a share on the mailserver server, I can connect
from a windows xp workstation of the SAMBA domain, without password
asked.
And this happens if for example I set different passwords for the user
in the SAMBA domain and in the W2003 domain.

SUCCESS!
The problem is:
On windows xp workstation connected as user gcecchi (authenticated on
SAMBA domain)  I have outlook 2003 that is configured for accessing
mailserver on W2003 domain.
When I open outllok, it always asks me the mailserver password, either
in the case that the two domain passwords for the user are the same,
or if they are different.....
Before trusting, if the passwords were different, there were the popup
asking the one of the mailserver, otherwise  the connection was
(implicitly I suppose) attempted with the logon password and it
succeeded....

How can I manage this and prevent outlook from asking password????
Any help would be appreciated.
Thanks
Gianluca


On 8/11/06, Gianluca Cecchi <gianluca.cecchi at gmail.com> wrote:
> I have samba 3 PDC (SAMBA domain with hostname "pevpdc") on CentOS 3.7
> (package is named samba-3.0.9-1.3E.7) and I have a w2k3 sp1 domain
> (W2003 domain with hostname "mailserver").
> The last is in mixed mode and is an exchange server and the former is
> without winbind, using smbpasswd backend and "security = user" in
> smb.conf.
>

More information about the samba mailing list