[Samba] Interdomain Trusts

Gregory Cushing ioudas at gmail.com
Tue Jun 3 14:24:11 MDT 2014


Gaiseric,

I think there is some confusion. This person is not running a classic setup
or anything. They want trusts between two domains, not within Samba's domain,
to work. I am not sure we are talking about the same thing.
I do not have the desire to create a trust between samba and any domain.
Rather, I want one-way trusts resolved from dom b.


I have tried this in 3.6.9 as well as 4.1.6 and the trust is actually found
in the log file for winbind. It lists it as a 1 way trust. Yet users are
not mapped. I can confirm that the ID map is accepted. However the fn
query_list returns 0 users.


-Greg


On Tue, Jun 3, 2014 at 4:00 PM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
wrote:

> I use samba 3.6.x for domain controllers for a "classic"
> (security=server) domain. I have trusts with Windows 2003. I wanted
> the Samba domain to trust the Windows domain. My goals did not include
> having the Windows domain trust the samba domain but I found it didn't
> work right without two way trusts.
>
>
> It sounds like you are able to get a list of users with wbinfo (wbinfo
> -u), and use the various wbinfo options to check mappings
>
>  wbinfo -n "TRUSTEDDOMAIN\someuser"
>
> should return the SID
>
>  wbinfo -s "SOMESID"
>
> should return the name of the trusted user
>
>  wbinfo -S "SOMESID"
>
> should return a user ID of the trusted user.
>
>
> Your /etc/nsswitch.conf file should have something like
>
>         passwd:     files  winbind
>
>
> The following commands require the nsswitch stuff to be working properly.
>
>
> getent passwd "TRUSTEDDOMAIN\someuser"
> id "TRUSTEDDOMAIN\someuser"
>
>
> On 06/03/14 14:27, Gregory Cushing wrote:
>
>> Does anyone know if interdomain trusts work in samba at all and what
>> versions they do? I am trying to get a 1 way trust working between two
>> domains and DOM A (which samba is joined to works in mapping users via
>> winbind) just not the one way trust for the other domain.... DOM B
>>
>> Samba is just a joined member of the domain A with security = ads with
>> nothing more than winbind id rid maps for both domains. The ID Map is
>> made, I can do a wbinfo -a and resolve the sid for dom b.
>>
>> I can see the users of the joined domain a with getent, but not with dom
>> b. Looking at the log.wb-DOMB I can see the errors are no inbound trust
>> listed. Yet it is enumerated in the winbind log for dom a to Dom B
>>
>>
>> Any help would be appreciated.
>>
>>
>> -Greg
>>
>
>
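
The lookup chain from the quoted reply (wbinfo -n, -s, -S, then nsswitch and getent), as an added example that is not part of either poster's message: a script that reports the first stage at which a trusted-domain user stops resolving. The function names and return codes are hypothetical, chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): find the first stage at which a
# trusted-domain user stops resolving. Return codes are this script's own.

# Return 0 if the passwd line of an nsswitch.conf-style file lists winbind.
nss_has_winbind() {
    awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
         END { exit(ok ? 0 : 1) }' "$1"
}

# check_trusted_user 'DOMAIN\user' [nsswitch file]
# Returns 0 when every stage resolves, else the number of the failing stage.
check_trusted_user() {
    ctu_name=$1
    ctu_nss=${2:-/etc/nsswitch.conf}

    # 1: name -> SID. Failure here means winbind cannot resolve the name.
    ctu_sid=$(wbinfo -n "$ctu_name" 2>/dev/null | awk '{ print $1; exit }')
    case $ctu_sid in
        S-1-*) printf '1 ok: %s -> %s\n' "$ctu_name" "$ctu_sid" ;;
        *) printf '1 FAIL: wbinfo -n cannot resolve %s\n' "$ctu_name"; return 1 ;;
    esac

    # 2: SID -> name, the reverse lookup.
    wbinfo -s "$ctu_sid" >/dev/null 2>&1 ||
        { printf '2 FAIL: wbinfo -s cannot resolve %s\n' "$ctu_sid"; return 2; }

    # 3: SID -> Unix UID, which depends on the idmap configuration.
    ctu_uid=$(wbinfo -S "$ctu_sid" 2>/dev/null) ||
        { printf '3 FAIL: no UID mapped for %s\n' "$ctu_sid"; return 3; }
    printf '3 ok: %s -> uid %s\n' "$ctu_sid" "$ctu_uid"

    # 4: NSS must be told to ask winbind before getent or id can work.
    nss_has_winbind "$ctu_nss" ||
        { printf '4 FAIL: no winbind on the passwd line of %s\n' "$ctu_nss"; return 4; }

    # 5: the full path through NSS.
    getent passwd "$ctu_name" >/dev/null ||
        { printf '5 FAIL: getent passwd cannot see %s\n' "$ctu_name"; return 5; }
    printf '5 ok: %s is visible through NSS\n' "$ctu_name"
}

# Usage: sh check-trust.sh 'TRUSTEDDOMAIN\someuser'
if [ "$#" -eq 1 ]; then
    check_trusted_user "$1"
fi
```

A failure at stage 4 or 5 after stages 1 to 3 succeed means winbind resolves the user and the gap is on the NSS side.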

