[Samba] Fileserver for Two AD Forests with No Trust Relationship

Andrew Morgan morgan at orst.edu
Sat Dec 16 01:01:41 GMT 2006

On Fri, 15 Dec 2006, Alan Broady wrote:

> Hi,
> I have the following situation:
> I'm designing a solution for an organization with two Active Directory
> forests. The forests do not have a trust relationship, and there is no
> chance to get them to move to a trust relationship (at least within a
> reasonable timescale).
> I need to set up a fileserver that both sets of users can access, with
> Windows authentication. I could host this on a UNIX box (probably AIX)
> or on a Windows box (probably W2003 Server).
> AFAIK, there is no way to set up a single instance of Samba to realize
> this (or at least without getting into hacking the source / special
> builds, which also would be unacceptable - I must use widely available
> / standard products).
> Mad idea:
> 2 x UNIX servers (or logical partitions - bit like a VMWare image).
> On each UNIX server, run Samba.
> One server is a "normal" Samba fileserver
> Other server has files from the first server mounted via NFS.
> Would it work?
> If not why not?
> Issue?
> Better ideas (please!!)

You could probably run both copies of Samba on a single box by having each
Samba bind to a separate network interface. I'm not sure how you could
handle the local unix accounts needed though, since winbind to 2 forests
would be pretty hairy.

