[Samba] Interdomain Trusts

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Jun 3 14:00:43 MDT 2014

I use samba 3.6.x for domain controllers for a "classic " 
(security=server) domain.  I have trusts with Windows 2003.       I 
wanted the Samba domain to trust the Windows domain.    My goals did not 
include having the Windows domain trusts the samba domain but I found it 
didn't work right with out two way trusts.

If sounds like you are able to get a list of users with wbinfo (wbinfo 
-u), and use the various  wbinfo options to check mappings

  wbinfo -n "TRUSTEDDOMAIN\someuser"

shd return the SID

wbinfo -s "SOMESID"

shd return the name of the trusted user

wbinfo -S "SOMESID"
shd return an user ID of the trusted user.

Your /etc/nsswitch.conf file should have something like

         passwd:     files  winbind

The following commands require the nsswitch stuff to be working properly.

getent "TRUSTEDDOMAIN\someuser" passwd
id "TRUSTEDDOMAIN\someuser"

On 06/03/14 14:27, Gregory Cushing wrote:
> Does anyone know if interdomain trusts work in samba at all and what
> versions they do? I am trying to get a 1 way trust working between two
> domains and DOM A (which samba is joined to works in mapping users via
> winbind) just not the one way trust for the other domain.... DOM B
> Samba is just a joined member of the domain A with security = ads with
> nothing more than winbind id rid maps for both domains. The ID Map is made,
> I can do a wbinfo -a and resolve the sid for dom b.
> I can see the users of the joined domain a with getent, but not with dom b.
> Looking at the log.wb-DOMB I can see the errors are no inbound trust
> listed. Yet it is enumerated in the winbind log for dom a to Dom B
> Any help would be appreciated.
> -Greg

More information about the samba mailing list