Timestamp:
Oct 30, 2009, 9:39:05 AM (16 years ago)
Author:
Herwig Bauernfeind
Message:

Update 3.3 to 3.3.9

File:
1 edited

  • branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html

    r274 r342  
    1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 19. Interdomain Trust Relationships</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="securing-samba.html" title="Chapter 18. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 20. Hosting a Microsoft Distributed File System Tree"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 19. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 19. 
Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="orgname">Samba Team</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:mimir@samba.org">mimir@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="orgname">The Samba Team</span> <span class="surname">Vernooij</span></h3><span class="contrib">drawing</span> <div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</code></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="InterdomainTrusts.html#id2619747">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id2619819">Trust Relationship Background</a></span></dt><dt><span class="sect1"><a 
href="InterdomainTrusts.html#id2620105">Native MS Windows NT4 Trusts Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620141">Creating an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620238">Completing an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620323">Interdomain Trust Facilities</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id2620532">Configuring Samba NT-Style Domain Trusts</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#samba-trusted-domain">Samba as the Trusted Domain</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620873">Samba as the Trusting Domain</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id2621070">NT4-Style Domain Trusts with Windows 2000</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id2621219">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id2621231">Browsing of Trusted Domain Fails</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2621277">Problems with LDAP ldapsam and Older Versions of smbldap-tools</a></span></dt></dl></dd></dl></div><p>
     1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 19. Interdomain Trust Relationships</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="securing-samba.html" title="Chapter 18. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 20. Hosting a Microsoft Distributed File System Tree"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 19. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 19. 
Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="orgname">Samba Team</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:mimir@samba.org">mimir@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="orgname">The Samba Team</span> <span class="surname">Vernooij</span></h3><span class="contrib">drawing</span> <div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</code></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="InterdomainTrusts.html#id2619747">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id2619819">Trust Relationship Background</a></span></dt><dt><span class="sect1"><a 
href="InterdomainTrusts.html#id2620105">Native MS Windows NT4 Trusts Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620141">Creating an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620238">Completing an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620323">Interdomain Trust Facilities</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id2620532">Configuring Samba NT-Style Domain Trusts</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#samba-trusted-domain">Samba as the Trusted Domain</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2620873">Samba as the Trusting Domain</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id2621070">NT4-Style Domain Trusts with Windows 2000</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id2621219">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id2621232">Browsing of Trusted Domain Fails</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id2621278">Problems with LDAP ldapsam and Older Versions of smbldap-tools</a></span></dt></dl></dd></dl></div><p>
    22<a class="indexterm" name="id2619527"></a>
    33<a class="indexterm" name="id2619534"></a>
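Review bot: In line 1, the table-of-contents links for the two "Common Errors" subsections change from `#id2621231` and `#id2621277` to `#id2621232` and `#id2621278`, so any bookmark or external link that uses the old fragments stops resolving after this update. These are generator-assigned ids; the `samba-trusted-domain` entry in the same TOC is unchanged because it carries an explicit id. Consider giving the remaining sections explicit ids in the DocBook source so that regenerated output keeps its anchors.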
     
    3636(32-bit unsigned variable).
    3737</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
    38 <a class="indexterm" name="id2619723"></a>
     38<a class="indexterm" name="id2619724"></a>
    3939<a class="indexterm" name="id2619730"></a>
    4040<a class="indexterm" name="id2619737"></a>
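Review bot: Line 38 changes only the generated indexterm anchor (`id2619723` to `id2619724`) while the neighbouring lines are untouched, and the same off-by-one renumbering accounts for every other change shown for this file. Committing regenerated HTML this way hides any real documentation change behind id churn; either build the htmldocs with stable ids or keep generated output out of the reviewed diff, and note in the commit message that this file is a regeneration only.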
     
    5858Microsoft Active Directory.
    5959</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2619819"></a>Trust Relationship Background</h2></div></div></div><p>
    60 <a class="indexterm" name="id2619827"></a>
     60<a class="indexterm" name="id2619828"></a>
    6161<a class="indexterm" name="id2619834"></a>
    6262<a class="indexterm" name="id2619841"></a>
     
    7171</p><p>
    7272<a class="indexterm" name="id2619879"></a>
    73 <a class="indexterm" name="id2619885"></a>
     73<a class="indexterm" name="id2619886"></a>
    7474<a class="indexterm" name="id2619892"></a>
    7575<a class="indexterm" name="id2619899"></a>
     
    8787<a class="indexterm" name="id2619951"></a>
    8888<a class="indexterm" name="id2619958"></a>
    89 <a class="indexterm" name="id2619964"></a>
     89<a class="indexterm" name="id2619965"></a>
    9090With Windows NT, Microsoft introduced the ability to allow different security domains
    9191to effect a mechanism so users from one domain may be given access rights and privileges
     
    113113<a class="indexterm" name="id2620067"></a>
    114114<a class="indexterm" name="id2620074"></a>
    115 <a class="indexterm" name="id2620080"></a>
    116 <a class="indexterm" name="id2620087"></a>
     115<a class="indexterm" name="id2620081"></a>
     116<a class="indexterm" name="id2620088"></a>
    117117New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way by default.
    118118Also, all inter-ADS domain trusts are transitive. In the case of the red, white, and blue domains, with
     
    203203        MS Windows domain member machines.
    204204        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2620532"></a>Configuring Samba NT-Style Domain Trusts</h2></div></div></div><p>
    205 <a class="indexterm" name="id2620540"></a>
     205<a class="indexterm" name="id2620541"></a>
    206206This description is meant to be a fairly short introduction about how to set up a Samba server so
    207207that it can participate in interdomain trust relationships. Trust relationship support in Samba
     
    217217sections leads to trust between domains in a purely Samba environment.
    218218</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="samba-trusted-domain"></a>Samba as the Trusted Domain</h3></div></div></div><p>
    219 <a class="indexterm" name="id2620603"></a>
     219<a class="indexterm" name="id2620604"></a>
    220220<a class="indexterm" name="id2620610"></a>
    221221<a class="indexterm" name="id2620617"></a>
     
    251251<a class="indexterm" name="id2620745"></a>
    252252<a class="indexterm" name="id2620752"></a>
    253 <a class="indexterm" name="id2620758"></a>
    254 <a class="indexterm" name="id2620765"></a>
     253<a class="indexterm" name="id2620759"></a>
     254<a class="indexterm" name="id2620766"></a>
    255255After issuing this command, you will be asked to enter the password for the account. You can use any password
    256256you want, but be aware that Windows NT will not change this password until 7 days following account creation.
     
    272272will see the <code class="computeroutput">Trusted domain relationship successfully established</code> message.
    273273</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620873"></a>Samba as the Trusting Domain</h3></div></div></div><p>
    274 <a class="indexterm" name="id2620881"></a>
    275 <a class="indexterm" name="id2620888"></a>
     274<a class="indexterm" name="id2620882"></a>
     275<a class="indexterm" name="id2620889"></a>
    276276This time activities are somewhat reversed. Again, we'll assume that your domain
    277277controlled by the Samba PDC is called SAMBA and the NT-controlled domain is called RUMBA.
     
    288288the relationship.
    289289</p><p>
    290 <a class="indexterm" name="id2620962"></a>
     290<a class="indexterm" name="id2620963"></a>
    291291<a class="indexterm" name="id2620969"></a>
    292292The password can be arbitrarily chosen. It is easy to change the password from the Samba server whenever you
     
    343343or that suffer regular outages. Network stability and integrity are key concerns with
    344344distributed trusted domains.
    345 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2621231"></a>Browsing of Trusted Domain Fails</h3></div></div></div><p>
     345</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2621232"></a>Browsing of Trusted Domain Fails</h3></div></div></div><p>
    346346<span class="emphasis"><em>Browsing from a machine in a trusted Windows 200x domain to a Windows 200x member of
    347347a trusting Samba domain, I get the following error:</em></span>
     
    361361the domain.  If you are running as an account that has privileges to do this
    362362when you unjoin the machine, it is done; otherwise it is not done.
    363 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2621277"></a>Problems with LDAP ldapsam and Older Versions of smbldap-tools</h3></div></div></div><p>
     363</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2621278"></a>Problems with LDAP ldapsam and Older Versions of smbldap-tools</h3></div></div></div><p>
    364364If you use the <code class="literal">smbldap-useradd</code> script to create a trust
    365365account to set up interdomain trusts, the process of setting up the trust will