[Samba] Domain trusts and samba member servers

Steve Chupack steve.chupack at dealer.com
Sun Jan 17 15:59:55 MST 2010

Well, the idea was to have OLDDOMAIN and NEWDOMAIN authenticating users simultaneously as we migrate people to NEWDOMAIN in a controlled/progressive rollout. I assume my samba box will no longer act as a domain controller if I make it a member server of the 2008 box, but I would actually like to be wrong on this point. ;-)

On Sun, 17 Jan 2010 18:03:13 +1030
"malz" <malz at jetlan.com> wrote:

> As a thought, can you put the Samba box in as a member server of the
> Server 2008 AD? Run the 2008 Server in 2003 AD mode and it will work
> perfectly.  I have done this successfully.
> 2008 AD Server  (DNS/AD/WINS)
> Suse 11.0 Member server  (Samba version 3.4.4-1.1-2267-SUSE-CODE11)
> (F&P, Postfix Mail)
> You won't have to worry about your trust issues this way.
> Cheers
> Mal
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Steve Chupack
> Sent: Sunday, 17 January 2010 2:44 AM
> To: samba at lists.samba.org
> Subject: [Samba] Domain trusts and samba member servers
> Below is something I posted a while ago and got no responses... Maybe it
> was too convoluted for anyone to bother with, so let me try and put it
> more simply.
> I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba
> DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN
> DC just fine. But the trust relationship is not recognized or respected
> by my samba member servers in OLDDOMAIN.
> So, very simply put, even if nobody has the specific howto: Do samba
> member servers understand interdomain trusts? 
> Thanks for any and all input -- I am at a standstill with a fairly major
> project and any help at all would be greatly appreciated. I have a
> suspicion it has something to do with winbind on the member servers, but
> I'm having no luck.
> On Thu, 6 Aug 2009 08:39:51 -0400
> Steve Chupack <steve.chupack at dealer.com> wrote:
> > I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all member servers will remain as Samba boxes).
> > 
> > NEWDOMAIN = new Win2k3 PDC 
> > OLDDOMAIN = current samba PDC
> > OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN
> > 
> > I've successfully established a trust relationship between OLDDOMAIN
> > full access to resources on the OLDDOMAIN PDC.
> > 
> > Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER). But users in NEWDOMAIN do not.
> > 
> > Can someone help with the general concept here? Should it work as I've configured it? Does OLDDOMAIN_MEMBER need to be running winbind against OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN).
> > 
> > Sorry if this is confusing -- tried to make it as clear as possible.
> > 
> > Steve
