[Samba] [Samba4] 4.3.0 trust relationship

mathias dufresne infractory at gmail.com
Wed Sep 2 13:04:19 UTC 2015

My bad.

The trust relationship is created and can be checked using winbind:
wbinfo -u -> get local users list
wbinfo -u --domain=trusted.domain.tld -> get trusted domain users list
(short domain can be used too)

It can also be validated using --local-dc-username and --local-dc-password

samba-tool domain trust validate trusted.domain.tld \
 --local-dc-password=trustedAdminPass \
 --local-dc-username=administrator \
 -U administrator@trusted.domain.tld

Using Samba's internal DNS makes DNS query forwarding transparent (with
the few tools I could think of to check).

To be able to connect to machine.A.domain.tld using a user from
B.domain.tld you'll have to add the "Authenticated users" special group to
the RDP authorized people.

You did great work, Samba team :)



2015-08-24 13:53 GMT+02:00 mathias dufresne <infractory at gmail.com>:

> Hi all,
> I was testing the 4.3.0 version to see what is available with trust
> relationships but except having my DCs telling me there are trust
> relationships and using the global catalog to perform searches (but with only
> search for objects in a.domain.tld when the search is performed against
> dc.a.domain.tld) I can do nothing else.
> My own knowledge on that subject is quite null so I come to you asking
> some questions:
> - are trust relationships already supposed to grant cross-domain
> authentication from Windows clients? Ex: user at a.domain.tld connecting on
> computer at b.domain.tld
> - are ldapsearch queries supposed to work when asking dc.a.domain.tld
> for some information about objects contained in b.domain.tld?
> Or was I just too enthusiastic?
> Is there already some document related to these trust relationships
> somewhere else than "samba-tool domain trust --help"?
> Best regards,
> mathias
