[Samba] Accessing Samba domain member shares from trusted domain
Ralph Boehme
slow at samba.org
Tue Nov 12 17:25:51 UTC 2024
On 11/12/24 6:20 PM, Vaughan, Robert J via samba wrote:
> So in my situation where the AD trust is one-way, not transitive,
> and the trusting domain is external, and both domains are AD
> (Kerberos only, no NTLM)?
>
> This should all work for a Samba server domain member in the
> trusting domain sharing to the trusted domain, where the Samba
> server cannot see the trusted domain DC/KDC?
yes.
I would make sure to use "winbind scan trusted domains = yes" and ignore
the wbinfo -m and --online-status stuff. As a domain member, we should
only ever talk to a DC of our primary domain and with "winbind scan
trusted domains = yes" that's exactly how we will behave. Trusted
domains are added to our internal list of known domains when a user from
a trusted domains authenticates and will then start appearing in the
wbinfo commands, but not otherwise.
-slow
--
SerNet Samba Team Lead https://sernet.de/
Samba Team Member https://samba.org/
SAMBA+ packages https://samba.plus/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20241112/735d76b6/OpenPGP_signature.sig>
More information about the samba
mailing list