[Samba] status on samba trusts

mj lists at merit.unu.edu
Thu Feb 21 12:21:15 UTC 2019


Having read the release notes on the status of trusts within samba, we 
see for 4.9

 > "improved support for trusted domains"

but we also always see these messages:

 > "Both sides of the trust need to fully trust each other!"
 > "DCs of domain A can grant domain admin rights in domain B"

What we would like to achieve is a one-way incoming trust with a (large) 
external native windows AD domain, to make their users able to access 
our (samba) domain member fileservers.

So, samba would be the "trusting (resource) domain", and the large 
native windows AD domain would be the "trusted (account) domain".

We don't need access to the trusted domain groups and other info, and we 
would not like remote "domain admins" to be become domain admins in our 
samba domain.

Is the above possible with samba at the moment?


More information about the samba mailing list