Hi I would like to setup interdomain trust between AD domain (on Server 2008, in native mode) and Samba (version 3.3.3 with Fedora DS LDAP). I want users from Samba domain to authenticate in AD domain (outgoing trust on AD domain). Is this scenario possible? Regards
Robert Ludvik pravi:> Hi > I would like to setup interdomain trust between AD domain (on Server > 2008, in native mode) and Samba (version 3.3.3 with Fedora DS LDAP). I > want users from Samba domain to authenticate in AD domain (outgoing > trust on AD domain). Is this scenario possible? > RegardsOK, I setup outgoing trust from AD to Samba domain but it stops at Validation. When I click on Validate, I get the following error: Verification of the trust between the domain AD_DOMAIN and the domain SAMBA_DOMAIN was unsuccessful because: Access is denied. To repair a trust to a pre-Windows 2000 domain you must remove and re-add the trust on both sides. On Samba side I have user "domaintrust" with samba flag [I] (added and edited trough Ldapadmin tool in ou=People,dc=domain,dc=tld) and the same user and password in AD. What can I do to get this to work? Regards
Robert Ludvik pravi:> Robert Ludvik pravi: >> Hi >> I would like to setup interdomain trust between AD domain (on Server >> 2008, in native mode) and Samba (version 3.3.3 with Fedora DS LDAP). >> I want users from Samba domain to authenticate in AD domain (outgoing >> trust on AD domain). Is this scenario possible? >> Regards > OK, I setup outgoing trust from AD to Samba domain but it stops at > Validation. When I click on Validate, I get the following error: > > Verification of the trust between the domain AD_DOMAIN and the domain > SAMBA_DOMAIN was unsuccessful because: Access is denied. > To repair a trust to a pre-Windows 2000 domain you must remove and > re-add the trust on both sides. > > On Samba side I have user "domaintrust" with samba flag [I] (added and > edited trough Ldapadmin tool in ou=People,dc=domain,dc=tld) and the > same user and password in AD. > What can I do to get this to work? > Regards >Working now, sorry for disturbing. Had to create user for interdomain trust with *the same* name as AD domain. Regards