samba - Nov 2013 - samba4 in AD with multiple domains

From the FAQ:

Q: Does Samba support trust relationship with AD?
A: Trusts are currently not finished implemented. Samba can be trusted, 
but can't trust yet.

Does this mean that in a single-forest multiple-domain AD environment, 
samba will only know about accounts in it's own domain? Or does this 
statement apply to forest-forest trusts?

M.

-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
?: +1 519 883 1172 x5106    | termination of their C programs.' - Firth

On Tue, 2013-11-26 at 11:51 -0500, Michael Brown wrote:
>  From the FAQ:
> 
> Q: Does Samba support trust relationship with AD?
> A: Trusts are currently not finished implemented. Samba can be trusted, 
> but can't trust yet.
> 
> Does this mean that in a single-forest multiple-domain AD environment, 
> samba will only know about accounts in it's own domain? Or does this 
> statement apply to forest-forest trusts?
In the AD DC, there is some support for inter-forest trusts, mostly
because we didn't remove trusts from our KDC, but very little else in
Samba knows about it.  The LSA server can set up and manage some aspects
of trusts. 

Does this clarify things for you?

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba