[Samba] Interdomain Trusts
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Jun 3 14:00:43 MDT 2014
I use samba 3.6.x for domain controllers for a "classic "
(security=server) domain. I have trusts with Windows 2003. I
wanted the Samba domain to trust the Windows domain. My goals did not
include having the Windows domain trusts the samba domain but I found it
didn't work right with out two way trusts.
If sounds like you are able to get a list of users with wbinfo (wbinfo
-u), and use the various wbinfo options to check mappings
wbinfo -n "TRUSTEDDOMAIN\someuser"
shd return the SID
wbinfo -s "SOMESID"
shd return the name of the trusted user
wbinfo -S "SOMESID"
shd return an user ID of the trusted user.
Your /etc/nsswitch.conf file should have something like
passwd: files winbind
The following commands require the nsswitch stuff to be working properly.
getent "TRUSTEDDOMAIN\someuser" passwd
id "TRUSTEDDOMAIN\someuser"
On 06/03/14 14:27, Gregory Cushing wrote:
> Does anyone know if interdomain trusts work in samba at all and what
> versions they do? I am trying to get a 1 way trust working between two
> domains and DOM A (which samba is joined to works in mapping users via
> winbind) just not the one way trust for the other domain.... DOM B
>
> Samba is just a joined member of the domain A with security = ads with
> nothing more than winbind id rid maps for both domains. The ID Map is made,
> I can do a wbinfo -a and resolve the sid for dom b.
>
> I can see the users of the joined domain a with getent, but not with dom b.
> Looking at the log.wb-DOMB I can see the errors are no inbound trust
> listed. Yet it is enumerated in the winbind log for dom a to Dom B
>
>
> Any help would be appreciated.
>
>
> -Greg
More information about the samba
mailing list