Kraa de Simon
2004-Feb-27 13:31 UTC
[Samba] Is this how "trusted domains" work in Samba 3?
Hello all, Samba 3.0.1 on Sun Solaris 5.9. I need to get my story straight before I ask the people with the necessary access rights to do the Samba setup. I would appreciate it if someone could validate my story below. Thanks! Simon. The situation: * There are 2 domains: - EMEA (PDC=EMEAD01,BDC=EMEAD02) - NLRESOURCES (PDC=NLRESOD01,BDC=NLRESOD02) * Users have accounts on the EMEA domain. * There are no user accounts defined on the NLRESOURCES domain. * The Samba server is in domain NLRESOURCES. * EMEA is trusted by NLRESOURCES. Part of smb.conf looks like: workgroup = NLRESOURCES security = DOMAIN password server = NLRESOD01,NLRESOD02 allow trusted domains = YES This is how it all should work: "User kraades is defined in the domain EMEA, the Samba server is a member of the domain NLRESOURCES. The domain EMEA is trusted by the domain NLRESOURCES. This means that user kraades or any other user of EMEA can access ressources in the domain NLRESOURCES,even if they don't have a account in NLRESOURCES. This is the trust relationship principe of a NT domain. Because Samba is a resource in the domain NLRESOURCES, user kraades can access it without having been defined in the PDC of NLRESOURCES. The only need is to have a unix account on Samba called kraades." This is what I should do: * Create a machine account for the Samba server on the PDC of NLRESOURCES. * Execute the command "net join -S NLRESOD01-UAdministrator%password" on the Samba server.
Andrew Bartlett
2004-Feb-29 21:23 UTC
[Samba] Is this how "trusted domains" work in Samba 3?
On Sat, 2004-02-28 at 00:30, Kraa de Simon wrote:> Hello all, > > Samba 3.0.1 on Sun Solaris 5.9. > > I need to get my story straight before I ask the people with the necessary > access rights to do the Samba setup. > > I would appreciate it if someone could validate my story below.That sounds like a standard resource/user domain configuration, and you are correct, joining the resource domain should be sufficient. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040301/e620b303/attachment.bin