Alan Broady
2006-Dec-16 00:22 UTC
[Samba] Fileserver for Two AD Forests with No Trust Relationship
Hi, I have the following situation: I'm designing a solution for an organization with two Active Directory forests. The forests do not have a trust relationship, and there is no chance to get them to move to a trust relationship (at least within a reasonable timescale). I need to set up a fileserver than both sets of users can access, with Windows authentication. I could host this on a UNIX box (probably AIX) or on a Windows box (probably W2003 Server). AFAIK, there is no way to set up a single instance of Samba to realize this (or at least without getting into hacking the source / special builds, which also would be unacceptable - I must use widely available / standard products). Mad idea: 2 x UNIX servers (or logical partitions - bit like a VMWare image). On each UNIX server, run Samba. One server is a "normal" Samba fileserver Other server has files from the first server mounted via NFS. Would it work? If not why not? Issue? Better ideas (please!!) Thanks!!! Alan
Andrew Morgan
2006-Dec-16 01:28 UTC
[Samba] Fileserver for Two AD Forests with No Trust Relationship
On Fri, 15 Dec 2006, Alan Broady wrote:> Hi, > > I have the following situation: > > I'm designing a solution for an organization with two Active Directory > forests. The forests do not have a trust relationship, and there is no > chance to get them to move to a trust relationship (at least within a > reasonable timescale). > > I need to set up a fileserver than both sets of users can access, with > Windows authentication. I could host this on a UNIX box (probably AIX) > or on a Windows box (probably W2003 Server). > > AFAIK, there is no way to set up a single instance of Samba to realize > this (or at least without getting into hacking the source / special > builds, which also would be unacceptable - I must use widely available > / standard products). > > Mad idea: > > 2 x UNIX servers (or logical partitions - bit like a VMWare image). > On each UNIX server, run Samba. > One server is a "normal" Samba fileserver > Other server has files from the first server mounted via NFS. > > Would it work? > If not why not? > Issue? > > Better ideas (please!!)You could probably run both copies of Samba on a single box by having each Samba bind to a separate network interface. I'm not sure how you could handle the local unix accounts needed though, since winbind to 2 forests would be pretty hairy. Andy
Seemingly Similar Threads
- Interdomain trust between Samba and W2003 ADS in native mode
- problems trusting a w2003 domain server from samba 3
- ggplot/time series with indicators question
- second DC behavior when first switched off
- ICH7 SATA RAID Broken, Was (Re: Timescale for 6.1-RELEASE...)