[Samba] Active Directory Trust issues

Denis Cardon denis.cardon at tranquil-it-systems.fr
Fri Jul 31 13:55:55 UTC 2015

Hi Umar,

> I am using SAMBA 4.1.6 AD on Ubuntu 14.04.02, I am trying to use the Active
> Directory Domains and Trust tool but it keeps giving me this message.

Domain trust is not yet supported in that old samba version. There is 
some support in the next release 4.3. From the annonce mail [1] of the 
Samba 4.3rc1:

Improved support for trusted domains (as AD DC)

The support for trusted domains/forests has improved a lot.

samba-tool got "domain trust" subcommands to manage trusts:

   create      - Create a domain or forest trust.
   delete      - Delete a domain trust.
   list        - List domain trusts.
   namespaces  - Manage forest trust namespaces.
   show        - Show trusted domain details.
   validate    - Validate a domain trust.

External trusts between individual domains work in both ways
(inbound and outbound). The same applies to root domains of
a forest trust. The transitive routing into the other forest
is fully functional for kerberos, but not yet supported for NTLMSSP.

While a lot of things are working fine, there are currently a few

   - Both sides of the trust need to fully trust each other!
   - No SID filtering rules are applied at all!
   - This means DCs of domain A can grant domain admin rights
     in domain B.
   - It's not possible to add users/groups of a trusted domain
     into domain groups.



[1] https://download.samba.org/pub/samba/rc/WHATSNEW-4.3.0rc1.txt

> I am trying to fix this issue:
> The requested operation cannot be completed. The computer must be trusted
> for delegation and the current user account must be configured to allow
> delegation.
>   (SQLEditors)
> Would you please help how I can solve this issue?
> Br.
> Umar

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0)

More information about the samba mailing list