Ralph Boehme
2024-Nov-12 15:21 UTC
[Samba] Accessing Samba domain member shares from trusted domain
On 11/12/24 3:06 PM, Vaughan, Robert J via samba wrote:> It's not a straight forward task it seems.it is. Read page 14 ff, ignore the rest as it applies to Samba as an AD DC. -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20241112/52803766/OpenPGP_signature.sig>
Vaughan, Robert J
2024-Nov-12 15:37 UTC
[Samba] Accessing Samba domain member shares from trusted domain
One difference I see is that in the doc it shows ... root at linux-client:/home/vagrant# wbinfo --online-status BUILTIN : online LINUX-CLIENT : online S1 : online S2 : online But for me, ... # wbinfo --online-status BUILTIN : active connection LOCALHOST : active connection TRUSTING : active connection TRUSTED : no active connection Does my Samba server in the trusting domain need to be able to talk to the DC (and KDC) in the trusted domain? Why the 'no active connection'? Thanks, Robert Vaughan UNIX and Linux Systems IT - Infrastructure General Dynamics Land Systems - Canada Office: +1 519 964 5276 Mobile: +1 519 639 8151 vaughar2 at gdls.com -----Original Message----- From: Ralph Boehme <slow at samba.org> Sent: Tuesday, November 12, 2024 10:22 AM To: Vaughan, Robert J <vaughar2 at gdls.com>; samba at lists.samba.org Subject: Re: [Samba] Accessing Samba domain member shares from trusted domain On 11/12/24 3:06 PM, Vaughan, Robert J via samba wrote:> It's not a straight forward task it seems.it is. Read page 14 ff, ignore the rest as it applies to Samba as an AD DC. -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ ---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.
Vaughan, Robert J
2024-Nov-12 17:20 UTC
[Samba] Accessing Samba domain member shares from trusted domain
Hi Ralph So in my situation where the AD trust is one-way, not transitive, and the trusting domain is external, and both domains are AD (Kerberos only, no NTLM)? This should all work for a Samba server domain member in the trusting domain sharing to the trusted domain, where the Samba server cannot see the trusted domain DC/KDC? Thanks, Rob -----Original Message----- From: Ralph Boehme <slow at samba.org> Sent: Tuesday, November 12, 2024 10:22 AM To: Vaughan, Robert J <vaughar2 at gdls.com>; samba at lists.samba.org Subject: Re: [Samba] Accessing Samba domain member shares from trusted domain On 11/12/24 3:06 PM, Vaughan, Robert J via samba wrote:> It's not a straight forward task it seems.it is. Read page 14 ff, ignore the rest as it applies to Samba as an AD DC. -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ ---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.