[Samba] one-to-many inter-domain trusts problem
nvs at orbank.ru
Thu Jan 19 14:23:11 GMT 2006
My organization has a number of branch offices with a separate domain for
each of them. All these domains are based on one large NSS LDAP tree, each
domain based on a separate subtree in it. One domain is defined as the "main"
domain and should have trust with all other domains. But the unix user names
for trust accounts are the same as the trusting domain name, so with my setup
(one unix accounts database), when some site wishes to trust a domain that
has already established trust with some other domain, it will fail, because
the domain trust account already exists.

Here is an example:

DOM1 has trusts with DOM2 (so unix users dom1$ and dom2$ exist)
DOM3 tries to trust DOM1 and will fail (because user dom1$ exists)

Is there any way to avoid this problem with my setup? Note that I cannot make
a separate NSS LDAP tree for each site...

Personally I see only one solution: I should write a patch that will change
samba's behaviour so that domain trust accounts are named on the basis of the
trusting AND trusted domain (i.e. "trust_dom1_dom2$")...

My samba version is 3.0.20a.