[Samba] Domain trust between a Samba PDC domain and W2K AD domain

Alberto Moreno portsbsd at gmail.com
Wed Jan 5 13:41:26 MST 2011


On Thu, Aug 5, 2010 at 7:23 AM, Gaiseric Vandal
<gaiseric.vandal at gmail.com> wrote:
> He is correct that the Windows 2003 native should be able to trust an NT4
> domain (which is what Samba pretends to be).  AD domain in Windows "mixed"
> mode supports NT4 domain members - which is not what you are trying to do
> anyway.  But it suggested to me that when the AD domain moves to native mode
> it either tightens up some authentication protocols in such a way that they
> don't play nice with older versions of Samba.  Of course, there could have
> been some weird issue with my environment that I couldn't isolate.
>
>
> If you really were setting up a domain trust between an NT4 PDC and a Windows
> 2003 PDC, the NT4 PDC would "think" it was talking to another NT4 PDC.
> Samba, even though it is providing the function of an NT4 PDC, looks like it
> will detect that the other domain is an Active Directory domain.  Things
> like DNS name lookup (which wasn't so much of an issue for primitive OS's
> like NT4 or Windows 95) are a lot more important.  (Active Directory
> clients use DNS to locate AD LDAP and Kerberos servers.)  It will
> probably make your life simpler if you use your Active Directory server as
> the main DNS and WINS server for the network.  You may also want to
> update the krb5.conf file on your Samba server to have information on
> the AD "kerberos" domain.  That may help Samba locate the DC for
> the AD domain.
>
>
> Also, pretty sure you need to keep NBT (NetBIOS over TCP) enabled on your
> Windows AD server - which should be the default option.  Windows XP (and
> later) AD clients don't need NBT to talk to an AD server so it is possible
> your AD admin turned it off.
>
> I also found that the Samba documentation was not as complete or current as
> I would like.
>
>
>
> On 08/05/2010 09:18 AM, Marc Rechté wrote:
>>
>> Hello Gaiseric,
>>
>> Thank you for your answer.
>>
>> My last experience in Windows server was on NT, therefore my knowledge of
>> AD is rather limited. I however work with an AD admin who may answer some
>> questions.
>>
>> He said the server with which the relation has to be set is in a 2003
>> level forest with a 2003 R2 schema. He also made a reference to MS KB
>> http://support.microsoft.com/kb/325874/ on establishing a trust relation
>> between an NT server and 2003 server and this document does not explicitly
>> state the Windows server must be set in mixed mode.
>>
>> I checked both the Samba3 Official guide and Samba 3 how-to guides but it
>> seems both of them are stuck at the 3.0 version. Is there some more updated
>> information regarding domains and AD interoperability in Samba?
>>
>> Many thanks
>>
>

Hi people.

I'm working on a trust relation between Samba 3.3.X and Windows 2003
AD mixed mode.

I have read the doc about this but for some reason it won't work; my
PDC+LDAP is working but I still cannot make these 2 servers share
users.

Could you please give me the process you use to create the relation
between win2k3 (in/out) and Samba?

I would appreciate it, thanks!!!

-- 
Living the dream...

