[Samba] status on samba trusts
mj
lists at merit.unu.edu
Thu Feb 21 12:21:15 UTC 2019
Hi,
Having read the release notes on the status of trusts within samba, we
see for 4.9
> "improved support for trusted domains"
but we also always see these messages:
> "Both sides of the trust need to fully trust each other!"
and
> "DCs of domain A can grant domain admin rights in domain B"
What we would like to achieve is a one-way incoming trust with a (large)
external native windows AD domain, to make their users able to access
our (samba) domain member fileservers.
So, samba would be the "trusting (resource) domain", and the large
native windows AD domain would be the "trusted (account) domain".
We don't need access to the trusted domain groups and other info, and we
would not like remote "domain admins" to be become domain admins in our
samba domain.
Is the above possible with samba at the moment?
Thanks!
MJ
More information about the samba
mailing list