[Samba] [4.0] Inter-realm trust
abartlet at samba.org
Thu Apr 4 19:05:03 MDT 2013
On Thu, 2013-03-28 at 13:16 +0100, Kaito Kumashiro wrote:
> I know that inter-domain trust is not supported in Samba, but is it
> possible to create an inter-realm trust on Kerberos level? I have a
> kerberized service in realm X (Samba 4.0 as DC) and I want to allow users
> from realm Y (also Samba 4.0, but different domain) to access it using
> SPNEGO GSSAPI.
> If it is possible, how can I accomplish this?
You can try and set up such a trust with the windows tools. The pure
kerberos level should work (because it is a natrual part of kerberos,
which we didn't cripple, but instead did the small work to enable and
the FreeIPA project added the RPC calls for), but not much else will.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba