[Samba] S4 : trusting 2003 domain

Andrew Bartlett abartlet at samba.org
Fri Mar 8 23:51:56 MST 2013

On Fri, 2013-03-08 at 10:45 +0100, BOTZ Franck (Informaticien) - DDT
67/SG/MGI/CI wrote:
> Hi Andrew
> My question: is it possible to mix a solution to enable a trusting relation ?
> I explain :
> I have 2 different domains name : DOMAIN1 and DOMAIN2
> DOMAIN1 = manage with windows 2003 PDC
> DOMAIN2 = the new domain
> Like building a trust relation isn't possible between S4 and 2003 if I  
> do this :
> 1- Install a Win2003Server which manage the DOMAIN2
> 2- Build a trust relation between the DOMAIN1 and DOMAIN2 will be functionnal
> 3- Joining a new DC on DOMAIN2 (a Samba4 DC)

This join will fail, or if it succeed it simply won't honour the domain
trust correctly, particularly for NTLM (some kerberos operations will
succeed - we have some small part of the features implemented here) 

> 4- Joining a new member server for file share (Samba4 member server)
> Can I use the DOMAIN1 users/groups on this member server ?


> If I stop the Win2003Server which manage the DOMAIN2, what's happened ?

The issue isn't about joining the domains (we have a working command to
do that), it is about runtime support. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list