[Samba] one-to-many inter-domain trusts problem

Nikita Smirnov nvs at orbank.ru
Thu Jan 19 14:23:11 GMT 2006


My organization has a number of branch offices with separate domain for each 
of them. All these domains are based on one large NSS LDAP tree, each domain 
based on separate subtree in it. One domain defined as "main" domain and 
should have trust with all other domains. But unix user names for trust 
accounts are the same as trusting domain name, so in case with my setup (one 
unix accounts database) when some site wishes to trust domain that already 
established trust with some other domain, will fail, because domain trust 
account already exists.

Here is example:
DOM1 has trusts with DOM2 (so unix users dom1$ and dom2$ exists)
DOM3 tries to trust DOM1 and will fail (because user dom1$ exists)

Is there any way to avoid this problem with my setup? Note that I cannot make 
separate NSS LDAP tree for each site...

Personally I see only one solution: I should write patch that will change 
samba behaviour for that domain trust accounts to be called on base of 
trusting AND trusted domain (i.e. "trust_dom1_dom2$")...

My samba version is 3.0.20a.


More information about the samba mailing list