[Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL (Added info)

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Oct 13 08:22:15 MDT 2010

Trusts are between domains.

If you configure a trust so that DomainA trusts DomainB,  a "machine" 
account for DomainA is created in DomainB-  this allows DomainA to 
retreive a list of user names that it can trust.

WHen you configure the outgoing trust in Windows (i.e. to you ask 
another domain to trust you) Windows will create the machine account.  
In samba, you need to create the machine account in unix with useradd 
(or the approp command.)

  And you have to make sure idmap, nsswitch and winbind are working.

And my experience was that Samba 3.0.x didn't handle play nice with 
Windows 2003 anyway.   The trusts were set up fine but the idmap caching 
was buggy.   You may be better off with samba 3.4 or later.   (Though I 
also had issues with that.)

If Windows 2003 is in native mode you may not get it working with samba 

On 10/13/2010 10:14 AM, Douglas Phillipson wrote:
> On 10/12/2010 01:05 PM, Douglas Phillipson wrote:
>> To create a "Trust" between Samba and a W2003 AD Domain, does the 
>> Samba machine have to be a domain member also?
>> Doug P
> I'm not clear on something.  My goal is to have our AD users access a 
> samba share without having to enter a second set of credentials.  So 
> this is where the trust comes in.  Our Samba machine is a PDC of a 
> different domain that our Win2003 PDC.
> I'm told the samba machine has to be a member server in the W2003 
> domain for the trust to work.  I thought trusts were between PDC's.  
> Can my samba machine be a PDC and a member server of a W2003 domain?
> Confused...
> Doug P

More information about the samba mailing list