[Samba] Trust relationship between Windows Domains

Emilio Iglesias Martinez eiglesiasmar at csc.com
Tue Nov 8 01:19:50 MST 2011 

Hello,

  we have the following scenario:

        - Samba v3.0.23d runing under AIX v5.3

        - Two Windows Domains, lets call them D1 and D2, that have a trust 
relationship between them so that any user on D1 can access resources on 
D2 without need to re-authenticate.

Now, for business needs we would like to set up a common repository in our 
AIX server that is accessible from all our AIX and Windows machines. Our 
goal is that any user (independently of the environment or Domain he is 
in) is able to access this repository without need to re-enter any 
credentials.

We have tried associating the Samba instance to domain "D2" and we 
expected that users on domain D1 would be able to access it as well (as it 
happens on Windows machines due to the trust relationship). However, we 
have seen that this is not the case. Users on "D1" can not access the 
Samba repository without re-authenticating using "D2" credentials. It 
seems like Samba is not able to apply the trust relationship that was 
defined at Windows level.

Is there any way we can configure Samba to achieve our goal of granting 
access to the AIX repository to both users on D1 and D2 without need to 
re-authenticate?

Two possible solutions have occurred to us, but we don't know whether they 
are technically feasible or not or how hard they would be to 
implement/maintain:

Option 1) Configure Samba in such a way so that it is able to apply the 
trust relationship that exists between the two windows domains (D1 and 
D2). 
---------------
Option 2) Configure and run a second instance of Samba on the AIX machine. 
One instance would be assigned to D1 and the other instance to D2.
---------------

Can you please advise on the feasibility of these options or provide 
alternatives we have not thought of?

thanks!

EMILIO J. IGLESIAS
ALM - Application Lifecycle Management Engineer
CSC Asturias
WSS | office: +34 985 120341 | email: eiglesiasmar at csc.com | www.csc.com
Advanced Leave notice:  July 29th to Aug 22nd


CSC • This is a PRIVATE message. If you are not the intended recipient, 
please delete without copying and kindly advise us by e-mail of the 
mistake in delivery.  NOTE: Regardless of content, this e-mail shall not 
operate to bind CSC to any order or other contract unless pursuant to 
explicit written agreement or government initiative expressly permitting 
the use of e-mail for such purpose • Computer Sciences España, SA • 
Registered Office: Avenida Diagonal, 545 Pl. 6, Edificio L’Illa, 08029 
Barcelona, Spain • Registered in Spain No: C.i.f. A59425546

More information about the samba mailing list