samba - Jun 2002 - Trust Domains ...

Greetings ...

	Please could someone confirm that Samba 2.2.x and Samba 3.0 ( Head ) does 
not support Trusts between domains.

Thanks
Mailed
Lee

Le Mardi 4 Juin 2002 15:23, C.Lee Taylor a ?crit :
> Greetings ...
>
> 	Please could someone confirm that Samba 2.2.x and Samba 3.0 ( Head ) does
> not support Trusts between domains.
>
2.2.X doesn't, 3.0 will, though I don't know if CVS version does it yet.

It should be possible with TNG, but I never tried:
http://mordor.clayton.edu/samba-tng/tng-pdc-trust.html
> Thanks
> Mailed
> Lee
-- 
Sylvestre Taburet - Project Manager
Mandrakesoft S.A. - 43, rue d'Aboukir, 75002 Paris - FRANCE
+33 (1) 40 41 00 41 - http://www.linux-mandrake.com

This may be an impossible question, and I don't mean to be a mean
taskmaster, but what kind of timeframe are we looking at for a 3.x release?
Our office is a mongrelmix of Linux, W2k, and NT and while we are definitely
not going to go to an XP environment, we would like to increase linux usage
on the backend. Some of the connectivity to W2k that you talk about here
would go a long way to that.

Thanks,

Greg
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet@pcug.org.au]
> Sent: June 4, 2002 3:02 PM
> To: staburet@mandrakesoft.com
> Cc: C.Lee Taylor; samba@lists.samba.org
> Subject: Re: [Samba] Trust Domains ...
> 
> I understand it goes like this:
> 
> Samba 2.2 supports being trusted by NT.  Its a bit odd, and 
> mainly works
> due to the fact that domain logons and interdomain logons are almost
> exactly the same.  Not 'supported', and only works for NT domains
with
> just a PDC.
> 
> Samba HEAD has support for both being trusted by NT and 
> trusting NT.  We
> don't support doing anything with Win2k ATM.  Trusting NT is still a
> work in progress, but we have shown the basic concepts.
> 
> Samba TNG claims support for being trusted, but I've not tested it
> myself.  You will need current CVS - TNG was able to pick up some of
> HEAD's work in this area to get around some nasty bugs.  Samba-TNG
> trusting NT domains is a bit dodgy, becouse you need to setup the
> 'username map' manually.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet@pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
> Student Network Administrator, Hawker College   abartlet@hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

(Embedded                                                        
 image moved   "C.Lee Taylor" <leet@leenx.co.za>
 to file:      06/06/2002 01:54 PM                                
 pic01468.pcx)                                                    
                                                                  







Greetings ...

     After a little research (somebody did a bit or work ;-O ) with google and
the replies to my questions, this what I think I understand and will test
very soon ( Hope not to make an ass of myself. )

Andrew Bartlett wrote:
> Samba 2.2 supports being trusted by NT.  Its a bit odd, and mainly works
> due to the fact that domain logons and interdomain logons are almost
> exactly the same.  Not 'supported', and only works for NT domains
with
> just a PDC.
     Okay, I asked this question before, but got no responce, so I am going to
ask again, but this time with a little more details from my side.

     NT4sp6 PDC with Exchange 5.5sp4 host the mail ( and other resouces ) for my
Linux domain.  I wish to setup a Trust domain.

     If I understand this correctly, the NT4 domain needs to trust my Samba
domain.

     Now according to http://mordor.clayton.edu/samba-tng/tng-pdc-trust.html as
my reference, I will need to setup a machine account for the DOMAIN, PDC
and each of the BDC's and then in the User Manager setup the trust
relationship.

     This feel like I am missing something, because when a machine joins the
domain, it normally needs root password ( which I don't wish to give to NT4
Admin ) and now I don't see any password been setup here ... it just does
not seem secure.  If I set my root password to something easy for the trust
setup and make it secure afterwards would that not break the trust ...

     As I said, it feel like I am missing something.  I have a funny feeling
that
my Samba server should join the NT4 domain, but then I don't see anything
that says I have too.  What should the security option set too, because I
have see a few errors in one of my domains that have a LDAP SAM, which I
had to change the option until the errors went away without kill my
network.  Once I get this right, I will get a friend to help document what
I have done, maybe it could be tha basis for mini-howto or something. This
all seems like too much.

     Thanks for all the help everybody has given me.

Mailed
Lee


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic01468.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020606/0a06562a/pic01468.obj

(Embedded                                                        
 image moved   "C.Lee Taylor" <leet@leenx.co.za>
 to file:      06/06/2002 01:54 PM                                
 pic26037.pcx)                                                    
                                                                  








 (Embedded
 image moved   "C.Lee Taylor" <leet@leenx.co.za>
 to file:      06/06/2002 01:54 PM
 pic01468.pcx)








Greetings ...

     After a little research (somebody did a bit or work ;-O ) with google and
the replies to my questions, this what I think I understand and will test
very soon ( Hope not to make an ass of myself. )

Andrew Bartlett wrote:
> Samba 2.2 supports being trusted by NT.  Its a bit odd, and mainly works
> due to the fact that domain logons and interdomain logons are almost
> exactly the same.  Not 'supported', and only works for NT domains
with
> just a PDC.
     Okay, I asked this question before, but got no responce, so I am going to
ask again, but this time with a little more details from my side.

     NT4sp6 PDC with Exchange 5.5sp4 host the mail ( and other resouces ) for my
Linux domain.  I wish to setup a Trust domain.

     If I understand this correctly, the NT4 domain needs to trust my Samba
domain.

     Now according to http://mordor.clayton.edu/samba-tng/tng-pdc-trust.html as
my reference, I will need to setup a machine account for the DOMAIN, PDC
and each of the BDC's and then in the User Manager setup the trust
relationship.

     This feel like I am missing something, because when a machine joins the
domain, it normally needs root password ( which I don't wish to give to NT4
Admin ) and now I don't see any password been setup here ... it just does
not seem secure.  If I set my root password to something easy for the trust
setup and make it secure afterwards would that not break the trust ...

     As I said, it feel like I am missing something.  I have a funny feeling
that
my Samba server should join the NT4 domain, but then I don't see anything
that says I have too.  What should the security option set too, because I
have see a few errors in one of my domains that have a LDAP SAM, which I
had to change the option until the errors went away without kill my
network.  Once I get this right, I will get a friend to help document what
I have done, maybe it could be tha basis for mini-howto or something. This
all seems like too much.

     Thanks for all the help everybody has given me.

Mailed
Lee


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic01468.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020606/ad8c74c2/pic01468.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic26037.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020606/ad8c74c2/pic26037.obj

(Embedded                                                        
 image moved   "C.Lee Taylor" <leet@leenx.co.za>
 to file:      06/06/2002 01:54 PM                                
 pic05180.pcx)                                                    
                                                                  








 (Embedded
 image moved   "C.Lee Taylor" <leet@leenx.co.za>
 to file:      06/06/2002 01:54 PM
 pic26037.pcx)









 (Embedded
 image moved   "C.Lee Taylor" <leet@leenx.co.za>
 to file:      06/06/2002 01:54 PM
 pic01468.pcx)








Greetings ...

     After a little research (somebody did a bit or work ;-O ) with google and
the replies to my questions, this what I think I understand and will test
very soon ( Hope not to make an ass of myself. )

Andrew Bartlett wrote:
> Samba 2.2 supports being trusted by NT.  Its a bit odd, and mainly works
> due to the fact that domain logons and interdomain logons are almost
> exactly the same.  Not 'supported', and only works for NT domains
with
> just a PDC.
     Okay, I asked this question before, but got no responce, so I am going to
ask again, but this time with a little more details from my side.

     NT4sp6 PDC with Exchange 5.5sp4 host the mail ( and other resouces ) for my
Linux domain.  I wish to setup a Trust domain.

     If I understand this correctly, the NT4 domain needs to trust my Samba
domain.

     Now according to http://mordor.clayton.edu/samba-tng/tng-pdc-trust.html as
my reference, I will need to setup a machine account for the DOMAIN, PDC
and each of the BDC's and then in the User Manager setup the trust
relationship.

     This feel like I am missing something, because when a machine joins the
domain, it normally needs root password ( which I don't wish to give to NT4
Admin ) and now I don't see any password been setup here ... it just does
not seem secure.  If I set my root password to something easy for the trust
setup and make it secure afterwards would that not break the trust ...

     As I said, it feel like I am missing something.  I have a funny feeling
that
my Samba server should join the NT4 domain, but then I don't see anything
that says I have too.  What should the security option set too, because I
have see a few errors in one of my domains that have a LDAP SAM, which I
had to change the option until the errors went away without kill my
network.  Once I get this right, I will get a friend to help document what
I have done, maybe it could be tha basis for mini-howto or something. This
all seems like too much.

     Thanks for all the help everybody has given me.

Mailed
Lee


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic01468.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020606/d99f0cba/pic01468.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic26037.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020606/d99f0cba/pic26037.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic05180.pcx
Type: application/octet-stream
Size: 2427 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020606/d99f0cba/pic05180.obj