[Samba] Domain trust between a Samba PDC domain and W2K AD domain
Alberto Moreno
portsbsd at gmail.com
Wed Jan 5 13:41:26 MST 2011
On Thu, Aug 5, 2010 at 7:23 AM, Gaiseric Vandal
<gaiseric.vandal at gmail.com> wrote:
> He is correct that the Windows 2003 native should be able to trust an NT4
> domain (which is what Samba pretends to be). AD domain in Windows "mixed"
> mode supports NT4 domain members, which is not what you are trying to do
> anyway. But it suggested to me that when the AD domain moves to native mode
> it either tightens up some authentication protocols in such a way that doesn't
> play nice with older versions of Samba. Of course, there could have been
> some weird issue with my environment that I couldn't isolate.
>
>
> If you really were setting up a domain trust between NT4 PDC and a Windows
> 2003 PDC, the NT4 PDC would "think" it was talking to another NT4 PDC.
> Samba, even though it is providing the function of an NT4 PDC, looks like it
> will detect that the other domain is an Active Directory domain. Things
> like DNS name lookup (which wasn't so much of an issue for primitive OSes
> like NT4 or Windows 95) are a lot more important. (Active Directory
> clients use DNS to locate AD LDAP and Kerberos servers.) It will
> probably make your life simpler if you use your Active Directory server as
> the main DNS and WINS server for the network. You may also want to
> update the krb5.conf file on your Samba server to have information on
> the AD "kerberos" domain. That may help Samba locate the DC for
> the AD domain.
>
>
> Also, pretty sure you need to keep NBT (NetBIOS over TCP) enabled on your
> Windows AD server, which should be the default option. Windows XP (and
> later) AD clients don't need NBT to talk to an AD server so it is possible
> your AD admin turned it off.
>
> I also found that the samba documentation was not as complete or current as
> I would like.
>
>
>
> On 08/05/2010 09:18 AM, Marc Rechté wrote:
>>
>> Hello Gaiseric,
>>
>> Thank you for your answer.
>>
>> My last experience in Windows server was on NT, therefore my knowledge on
>> AD is rather limited. I however work with an AD admin who may answer to some
>> questions.
>>
>> He said the server with which the relation has to be set is in a 2003
>> level forest with a 2003 R2 schema. He also made a reference to MS KB
>> http://support.microsoft.com/kb/325874/ on establishing a trust relation
>> between an NT server and 2003 server and this document does not explicitly
>> state the Windows server must be set in mixed mode.
>>
>> I checked both the Samba3 Official guide and Samba 3 how-to guides but it
>> seems both of them are stuck to 3.0 version. Is there some more updated
>> information regarding domains and AD interoperability in Samba?
>>
>> Many thanks
>>
>
Hi people.
I'm working on a trust relation between Samba 3.3.X and Windows 2003
AD mixed mode.
I have read the doc about this but for some reason it won't work; my
PDC+LDAP is working but I still cannot make these 2 servers share
users.
Could you please give me the process you use to create the relation
between win2k3 (in/out) and Samba?
I will appreciate it, thanks!!!
--
Living the dream...
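
Added example, not part of the original messages: a pre-flight script, run on the Samba server, for the three prerequisites named in the quoted reply (AD DNS SRV records for LDAP and Kerberos, a krb5.conf entry for the AD realm, and NBT name resolution through WINS). The function names, the argument order, and the domain and address in the usage line are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run on the Samba PDC before attempting the trust.
# ad.example.com, ADDOM and 192.0.2.10 in the usage line are placeholders.

# DNS SRV names that AD clients query to locate LDAP and Kerberos servers.
srv_names() {
    printf '%s\n' \
        "_ldap._tcp.dc._msdcs.$1" \
        "_ldap._tcp.$1" \
        "_kerberos._tcp.$1" \
        "_kerberos._udp.$1"
}

# Succeeds if the krb5.conf file ($2) has a [realms] entry for the
# upper-cased AD DNS domain ($1) containing at least one "kdc =" line.
realm_has_kdc() {
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    awk -v realm="$realm" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); next }
        in_realms && $1 == realm && $2 == "=" { in_block = 1; next }
        in_block && /}/ { in_block = 0 }
        in_block && $1 == "kdc" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Runs all checks; returns non-zero if any prerequisite is missing.
preflight() {
    domain=$1; nb_domain=$2; wins=$3; conf=${4:-/etc/krb5.conf}; rc=0
    for name in $(srv_names "$domain"); do
        host -t SRV "$name" 2>/dev/null | grep -q 'has SRV record' ||
            { echo "missing SRV record: $name"; rc=1; }
    done
    realm_has_kdc "$domain" "$conf" ||
        { echo "$conf: no kdc listed for the realm of $domain"; rc=1; }
    # Ask the WINS server for the domain master browser name (<1B>);
    # no answer means NBT is off or the name is not registered.
    nmblookup -U "$wins" -R "$nb_domain#1B" >/dev/null 2>&1 ||
        { echo "no NBT answer for $nb_domain#1B from $wins"; rc=1; }
    return $rc
}

# Usage: sh trust-preflight.sh ad.example.com ADDOM 192.0.2.10 [krb5.conf]
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

The `host` and `nmblookup` calls need network access to the AD DNS and WINS servers; `realm_has_kdc` only reads the local file.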