[Samba] Re: Interdomain trust between Samba and W2003 ADS in native mode

Sébastien Prud'homme sebastien.prudhomme at gmail.com
Tue Oct 28 18:01:27 GMT 2008


The setup is working on both side, the only difference between what is
written in Samba HOWTO is, as i said in a previous message:

- configure DNS on the Samba server so that the Samba server can
resolv Active Directory special DNS names (i had to install a local
correctly configured bind caching nameserver cause the guy who is
using the Active Directory server didn't used our company global DNS)

- configure Kerberos client on the Samba server (the same way you do
it when Samba is an Active Directory member server)

Now i can "see" Active Directory users and groups on the Samba server
(with wbinfo) and Active Directory "see" the Samba users and groups.

2008/10/27 Steven Geerts <Steven.Geerts at softathome.com>:
> Can you share us some more information on how you configured everyting.
>
> Did you try trusting a 2003 AD domain to your samba domain?
>
> Should be great if this was possible?
>
> Best regards
>
> steven
>
> -----Original Message-----
> From: samba-bounces+steven.geerts=softathome.com at lists.samba.org
> [mailto:samba-bounces+steven.geerts=softathome.com at lists.samba.org] On
> Behalf Of Sébastien Prud'homme
> Sent: maandag 27 oktober 2008 13:16
> To: Gerald Carter
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in
> native mode
>
> Thanks.
>
> FYI i have set up my Samba system to use the ADS DNS and i've
> configured /etc/krb5.conf with the ADS realm and now i can see ADS
> users and groups with wbinfo :-)
>
> I also changed some Samba conf as read in Red Hat Knowlegde Base (my
> distro is RHEL5.2):
> client schannel = No
> client use spnego = No
> server signing = Auto
>
> 2008/10/25 Gerald Carter <coffeedude.jerry at gmail.com>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hey Ryan,
>>
>>> Samba3 cannot act as an AD domain controller and therefore cannot
>>> operate in a trust with a native mode AD domain. Samba4 will be able
>>> to do this but it is still under heavy development.
>>>
>>> If you put your AD domain in mixed mode, you should be able to create
>>> the trust although I'm not sure if you can convert a native to mixed
>>> mode or not...
>>
>> This is incorrect.  Native mode AD can have trusts with NT4 domains
>> (and therefore with Sambas as well).
>>
>>
>>
>>
>>
>> cheers, jerry
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.6 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFJA2CAIR7qMdg1EfYRAgozAKDC8+hK93zGK0NTA6U1WGrCqV88/gCg2Z/I
>> PPW3rEqIWTlJiAUVTTMmtT8=
>> =+V6v
>> -----END PGP SIGNATURE-----
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>


More information about the samba mailing list