[Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL (Added info)

Douglas Phillipson phillipd at oem.doe.gov
Tue Oct 12 14:05:02 MDT 2010


To create a "Trust" between Samba and a W2003 AD Domain, does the Samba 
machine have to be a domain member also?

Doug P

On 10/11/2010 11:29 PM, Daniel Müller wrote:
> "http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2621046"
>
> Problems with LDAP ldapsam and Older Versions of smbldap-tools
> If you use the smbldap-useradd script to create a trust account to set up
> interdomain trusts, the process of setting up the trust will fail. The
> account that was created in the LDAP database will have an account flags
> field that has [W ], when it must have [I ] for interdomain trusts to work.
>
> Here is a simple solution. Create a machine account as follows:
>
> root#  smbldap-useradd -w domain_name
>
> Then set the desired trust account password as shown here:
>
> root#  smbldap-passwd domain_name\$
>
> Using a text editor, create the following file:
>
> dn: uid=domain_name$,ou=People,dc={your-domain},dc={your-top-level-domain}
> changetype: modify
> replace: sambaAcctFlags
> sambaAcctFlags: [I         ]
>
> Then apply the text file to the LDAP database as follows:
>
> root#  ldapmodify -x -h localhost \
>   -D "cn=Manager,dc={your-domain},dc={your-top-level-domain}" \
>   -W -f /path-to/foobar
>
> Create a single-sided trust under the NT4 Domain User Manager, then execute:
>
>
> root#  net rpc trustdom establish domain_name <----- important
>
>
> It works with Samba-3 and NT4 domains, and also with Samba-3 and Windows
> 200x ADS in mixed mode. Both domain controllers, Samba and NT, must have the
> same WINS server; otherwise, the trust will never work. <---important
>
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>    
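
A way to confirm the flag change described in the quoted HOWTO text took effect, as an added example that is not part of the original thread or the Samba documentation. It reads LDIF as printed by ldapsearch and reports whether a trust account carries [I] rather than [W]; the account names, the example.org base DN and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an interdomain trust account has sambaAcctFlags [I].
# Assumed real use (unwrapped LDIF on stdin, placeholders as in the HOWTO text):
#   ldapsearch -x -LLL -o ldif-wrap=no \
#     -b "ou=People,dc={your-domain},dc={your-top-level-domain}" \
#     '(uid=domain_name$)' uid sambaAcctFlags | check_trust_account 'domain_name$'

# Print the flag letters (brackets and padding stripped) of the entry whose
# uid is $1. Entries are blank-line separated LDIF records read from stdin.
acct_flags() {
    awk -v uid="$1" 'BEGIN { RS = ""; FS = "\n" }
    {
        hit = 0; flags = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "uid: " uid) hit = 1
            if (index($i, "sambaAcctFlags: ") == 1) flags = substr($i, 17)
        }
        if (hit) { gsub(/[^A-Za-z]/, "", flags); print flags; exit }
    }'
}

# Exit status: 0 = trust account ([I] set, [W] absent),
#              1 = wrong flags (for example still a [W] workstation account),
#              2 = entry or attribute not found.
check_trust_account() {
    flags=$(acct_flags "$1")
    case "$flags" in
        "")  return 2 ;;
        *W*) return 1 ;;
        *I*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample: one account left as created by smbldap-useradd -w,
# one already corrected with ldapmodify.
sample_ldif() {
cat <<'EOF'
dn: uid=TRUSTED$,ou=People,dc=example,dc=org
uid: TRUSTED$
sambaAcctFlags: [W          ]

dn: uid=OTHERDOM$,ou=People,dc=example,dc=org
uid: OTHERDOM$
sambaAcctFlags: [I          ]
EOF
}

for acct in 'TRUSTED$' 'OTHERDOM$'; do
    if sample_ldif | check_trust_account "$acct"; then
        echo "$acct: interdomain trust flag present"
    else
        echo "$acct: flags need to be changed to [I]"
    fi
done
```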


