I'm running a Samba domain (Samba 3.4.7) with OpenLDAP. I also have a Server 2003 AD domain, and want to set up an external trust so that AD users can access resources on the Samba domain, but not vice versa (I believe this is called a one-way incoming external trust). I'm not finding a lot of information out there that makes sense. Does anybody have any hints?

--
Aaron Clausen mightymartianca at gmail.com

From: Aaron Clausen <mightymartianca at gmail.com>
Date: Tue, 26 Jul 2011 08:14:39 -0700

> I'm running a Samba domain (Samba 3.4.7) with OpenLDAP. I also have
> a Server 2003 AD domain, and want to set up an external trust so that
> AD users can access resources on the Samba domain, but not vice versa.

See http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2602062

I examined this between Windows Server 2008 (Domain/Forest level is Windows Server 2003) and Samba 3.3.4.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>

Please CC to samba at lists.samba.org

From: Aaron Clausen <mightymartianca at gmail.com>
Date: Tue, 26 Jul 2011 10:32:41 -0700

> On Tue, Jul 26, 2011 at 08:52, TAKAHASHI Motonobu <monyo at monyo.com> wrote:
>
> Another question. Since the AD and Samba domains are on separate
> segments, I'm assuming the attempt to establish the trust is going to fail
> because Samba cannot see the AD domain controller. How do you get
> around that?

You have to resolve the required NetBIOS names (for example domainname#1B and domainname#1C) correctly by using WINS or an LMHOSTS file. The required NetBIOS names are the same as those required to establish the trust between AD and a Windows NT domain.

AFAIK, you also have to create an account on AD whose name and password are the same as those of the user used to establish the trust on Samba.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
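
The name-resolution requirement in the last reply can be checked on the Samba side before the trust is attempted. The script below is an added example, not part of the original thread: it assumes the Samba lmhosts(5) line format (`IP NAME#TYPE`), and the domain name ADDOM and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): check a Samba-format lmhosts file for
# the NetBIOS names the trust needs: DOMAIN#1B (domain master browser) and
# DOMAIN#1C (domain controllers). Format per lmhosts(5): "IP NAME#TYPE".

# missing_trust_names FILE DOMAIN
# Prints the name types still missing for DOMAIN ("", "1B", "1C" or "1B 1C").
missing_trust_names() {
    awk -v dom="$2" '
        BEGIN { dom = toupper(dom) }
        /^[ \t]*#/ { next }                               # comment line
        NF < 2     { next }                               # blank or malformed
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next } # not an IPv4 address
        {
            # NetBIOS names are case-insensitive; split NAME#TYPE
            n = split(toupper($2), part, "#")
            if (n == 2 && part[1] == dom) seen[part[2]] = 1
        }
        END {
            out = ""
            if (!("1B" in seen)) out = "1B"
            if (!("1C" in seen)) out = (out == "" ? "1C" : out " 1C")
            print out
        }
    ' "$1"
}

# Constructed sample: ADDOM and the 192.0.2.x addresses are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# AD domain controller on the other segment
192.0.2.10 ADDC1
192.0.2.10 addom#1b
EOF

missing=$(missing_trust_names "$sample" ADDOM)
if [ -n "$missing" ]; then
    echo "lmhosts lacks ADDOM entries for type(s): $missing"
else
    echo "lmhosts has both ADDOM#1B and ADDOM#1C"
fi
rm -f "$sample"
```

On a live host, `nmblookup 'ADDOM#1B'` and `nmblookup 'ADDOM#1C'` show whether the names actually resolve, whether through WINS or lmhosts.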