[Samba] Multiple AD domains

Gruber, John John.Gruber at e-hps.com
Wed Jun 6 20:12:12 GMT 2007


Currently we have two AD domains with a one way transitive trust.

A->trusts->B

B->does not trust->A

This is for some very specific security constraints and cannot be
changed.

Domain is 2003 native. We are authenticating Kerberos just fine.

If I put my Samba server in Domain A and try to have users with
credentials in domain B (which it trusts) the users cannot authenticate
and therefore cannot get access to shares on the Samba hosts. Other 2003
servers in domain A take connections from clients in domain B all day
long without difficulty.

If I put my Samba server in Domain B, obviously clients in domain B can
access the shares, but now I cannot have my same machine get to other
shares in domain A. I've tried cifs mounts all day long from my Samba
server in Domain B to shares in Domain A, and it will not authenticate
even though domain A trusts domain B.

1) Anybody have any obvious thoughts on what I might be messing up?

2) Is there a way to run the same server (RHES) in both domains at
the same time?

3) If we're all Kerberos here (not LANMAN), why wouldn't this work?

Thanks in advance for your advice.

Always appreciated!

John Gruber


