Hi all,
below is my lab environment, I want to using *CHILD 's users for
authentication. I * tryed create Forest1 and Forest2 2-way-trust, and
tested samba3 and samba4 just work fine. *but if I change 2-way-trust to
1-way-trust. the winbind3&4 would lost the Forest1's child domain trust.
does winbind support forest one-way-trust? or I missed some
configuration? *
*also I search a lot of same question about this but do not seen an
official answer. *
Any help would be gratefully appreciated. Thanks!
work fine:
+---------------+ +---------------+
| | | | |
Forest 1 | +--------------> | Forest 2 | | |
| | | |
<--------------+ | |
+-------+-------+ 2-way +-------+-------+
^ Trust ^
| | AD-JOIN
+-------+-------+ +-----+-----------+|
| | node1 | node2 |
| CHILD | | WINBIND3|winbind4|
| | | |
+---------------+ +------------------+
<#work-bad>work bad:
+---------------+ +---------------+
| | | | |
Forest 1 | +--------------> | Forest 2 | | |
| | | |
| |
+-------+-------+ one-way +-------+-------+
^ Trust ^
| | AD-JOIN
+-------+-------+ +-----+-----------+|
| | node1 | node2 |
| CHILD | | WINBIND3|winbind4|
| | | |
+---------------+ +------------------+