[Samba] SAMBA in separate Domains/Forests ...
pascal p
paped.p at gmail.com
Tue Feb 6 10:46:32 GMT 2007
Hello ..
Does anyone have a description or hints on how to get Samba to see users
from two separate Windows ADS Domains/Forests ?
Here is the Situation :
Windows (Server 2003 R2):
TEST.DOM and DEMO.DOM in separate 'Forests'
DEMO.DOM Win2003 ADS -> explicit incoming Trust from TEST.DOM
TEST.DOM Win2003 ADS -> explicit outgoing Trust to DEMO.DOM
( TEST.DOM Trusts DEMO.DOM, but DEMO.DOM does NOT trust TEST.DOM )
Windows AD in TEST and DEMO see each others users just fine
Linux (RHEL4, Debian):
Samba 3.0.23d is joined to TEST.DOM and sees all Users and Groups from
TEST.DOM - but not the Users from DEMO.DOM (wbinfo -u, getent passwd).
( If TEST.DOM and DEMO.DOM are in the same Forest - and therefore get a
Two-Way Transitive Trust - Samba would see all users from TEST & DEMO.
Same if TEST.DOM and DEMO.DOM are in separate Forests and a Two-Way
Explicit Trust is set up. )

    net ads user -w DEMO -U user1%mypw
    net ads user -w TEST -U user1%mypw

both will list the users from the respective Domain, therefore it looks
like it should be possible to get winbind to look up the users if given the
proper credentials - the question is how ...
The simplest solution would be to establish a two-way Trust between the
Windows Domains, however, this is very likely not possible due to IT
Policies.
Thanks a lot for any hints or pointers !
Kind regards,
Pascal