Samba 3.0.21rc2 domain trusting Win2k3 SP1 AD
Pierre Filippone
pierre.filippone at retail-sc.com
Thu Dec 15 16:01:58 GMT 2005
Sorry to disturb again,
but I need a little bit of help regarding interdomain trusts to Win2k3
SP1. I am testing with 3.0.21rc2.
I am trying to replace some NT4 DCs by Samba 3. So far all tests regarding
interdomain trusts went well - except trusting win2k3 SP1.
Win2k3 trusting the Samba domain seems to work fine, although it took some
tricks, to establish the trust:
The other direction is my problem: Samba domain trusting win2k3 AD
I managed to establish the trust.
"wbinfo -m" shows the AD domain. But "wbinfo -u" does not show users or
groups from the AD.
On a Windows member of the Samba domain I can select users and groups from
AD, for example to add to share permissions, but when I re-open the share
configuration, only the SIDS are listed.
When I try to access resources on servers in the samba domain from the
Win3k3 DC I am always prompted for uid and password.
I guess winbindd has problems accessing resources on the Win2k3 domain
controller.
The AD is in mixed mode and pre-windows2000 compatible permissions are
enabled. I even set "restrictanonymous" and "restrictanonymoussam" to 0
in the win registry. It did not change anything.
So here is my question:
Should the trust work at all ?
I've read some postings regarding enumeration of win2k3 sp1 domain users
but all seem to be related to samba acting as a member server in an AD
domain. I can't find anything regarding interdomain trusts. Are these
problems related ?
Or am I simply doing something wrong ?
I am a little bit stuck here, because unless this kind of trusts works, at
least with some sort of registry hacks, I cannot replace the WinNT
servers.
Any answer would be highly appreciated.
Thanks,
Pierre Filippone
More information about the samba-technical
mailing list