[Samba] Fileserver for Two AD Forests with No Trust Relationship
Andrew Morgan
morgan at orst.edu
Sat Dec 16 01:01:41 GMT 2006
On Fri, 15 Dec 2006, Alan Broady wrote:
> Hi,
>
> I have the following situation:
>
> I'm designing a solution for an organization with two Active Directory
> forests. The forests do not have a trust relationship, and there is no
> chance to get them to move to a trust relationship (at least within a
> reasonable timescale).
>
> I need to set up a fileserver than both sets of users can access, with
> Windows authentication. I could host this on a UNIX box (probably AIX)
> or on a Windows box (probably W2003 Server).
>
> AFAIK, there is no way to set up a single instance of Samba to realize
> this (or at least without getting into hacking the source / special
> builds, which also would be unacceptable - I must use widely available
> / standard products).
>
> Mad idea:
>
> 2 x UNIX servers (or logical partitions - bit like a VMWare image).
> On each UNIX server, run Samba.
> One server is a "normal" Samba fileserver
> Other server has files from the first server mounted via NFS.
>
> Would it work?
> If not why not?
> Issue?
>
> Better ideas (please!!)
You could probably run both copies of Samba on a single box by having each
Samba bind to a separate network interface. I'm not sure how you could
handle the local unix accounts needed though, since winbind to 2 forests
would be pretty hairy.
Andy
More information about the samba
mailing list