[Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode

[Steven Geerts]

Can you share us some more information on how you configured everyting.

Did you try trusting a 2003 AD domain to your samba domain?

Should be great if this was possible?

Best regards

steven

-----Original Message-----
From: samba-bounces+steven.geerts=softathome.com at lists.samba.org
[mailto:samba-bounces+steven.geerts=softathome.com at lists.samba.org] On
Behalf Of Sébastien Prud'homme
Sent: maandag 27 oktober 2008 13:16
To: Gerald Carter
Cc: samba at lists.samba.org
Subject: Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in
native mode

Thanks.

FYI i have set up my Samba system to use the ADS DNS and i've
configured /etc/krb5.conf with the ADS realm and now i can see ADS
users and groups with wbinfo :-)

I also changed some Samba conf as read in Red Hat Knowlegde Base (my
distro is RHEL5.2):
client schannel = No
client use spnego = No
server signing = Auto

2008/10/25 Gerald Carter <coffeedude.jerry at gmail.com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey Ryan,
>
>> Samba3 cannot act as an AD domain controller and therefore cannot
>> operate in a trust with a native mode AD domain. Samba4 will be able
>> to do this but it is still under heavy development.
>>
>> If you put your AD domain in mixed mode, you should be able to create
>> the trust although I'm not sure if you can convert a native to mixed
>> mode or not...
>
> This is incorrect.  Native mode AD can have trusts with NT4 domains
> (and therefore with Sambas as well).
>
>
>
>
>
> cheers, jerry
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJA2CAIR7qMdg1EfYRAgozAKDC8+hK93zGK0NTA6U1WGrCqV88/gCg2Z/I
> PPW3rEqIWTlJiAUVTTMmtT8=
> =+V6v
> -----END PGP SIGNATURE-----
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba