- Timestamp: Nov 14, 2012, 12:59:34 PM (12 years ago)
- File: 1 edited
vendor/current/docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html
r597 r740 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 19. Interdomain Trust Relationships</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="The Official Samba 3.5.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="securing-samba.html" title="Chapter 18. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 20. Hosting a Microsoft Distributed File System Tree"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 19. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 19. Interdomain Trust Relationships"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 19. 
Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:mimir@samba.org">mimir@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><span class="contrib">drawing</span> <div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><code class="email"><<a class="email" href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>></code></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="InterdomainTrusts.html#id386823">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id386889">Trust Relationship Background</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id38714 3">Native MS Windows NT4 Trusts Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a 
href="InterdomainTrusts.html#id387177">Creating an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387268">Completing an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387348">Interdomain Trust Facilities</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id387544">Configuring Samba NT-Style Domain Trusts</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#samba-trusted-domain">Samba as the Trusted Domain</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387860">Samba as the Trusting Domain</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id388043">NT4-Style Domain Trusts with Windows 2000</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id388180">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id388191">Browsing of Trusted Domain Fails</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id388228">Problems with LDAP ldapsam and Older Versions of smbldap-tools</a></span></dt></dl></dd></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 19. Interdomain Trust Relationships</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="The Official Samba 3.5.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="securing-samba.html" title="Chapter 18. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 20. 
Hosting a Microsoft Distributed File System Tree"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 19. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 19. Interdomain Trust Relationships"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 19. Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:mimir@samba.org">mimir@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><span class="contrib">drawing</span> <div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span 
class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><code class="email"><<a class="email" href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>></code></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="InterdomainTrusts.html#id386823">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id386889">Trust Relationship Background</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id387144">Native MS Windows NT4 Trusts Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id387178">Creating an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387268">Completing an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387348">Interdomain Trust Facilities</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id387544">Configuring Samba NT-Style Domain Trusts</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#samba-trusted-domain">Samba as the Trusted Domain</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387860">Samba as the Trusting Domain</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id388043">NT4-Style Domain Trusts with Windows 2000</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id388180">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id388191">Browsing of Trusted Domain Fails</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id388228">Problems with LDAP ldapsam and Older Versions of smbldap-tools</a></span></dt></dl></dd></dl></div><p> 2 2 <a class="indexterm" name="id386616"></a> 3 3 <a class="indexterm" name="id386623"></a> … … 5 5 
<a class="indexterm" name="id386636"></a> 6 6 <a class="indexterm" name="id386643"></a> 7 <a class="indexterm" name="id3866 49"></a>7 <a class="indexterm" name="id386650"></a> 8 8 <a class="indexterm" name="id386656"></a> 9 9 <a class="indexterm" name="id386663"></a> … … 16 16 trusts. 17 17 </p><p> 18 <a class="indexterm" name="id38668 3"></a>18 <a class="indexterm" name="id386684"></a> 19 19 <a class="indexterm" name="id386690"></a> 20 20 <a class="indexterm" name="id386697"></a> … … 27 27 </p><table border="0" summary="Simple list" class="simplelist"><tr><td><a class="indexterm" name="id386743"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id386754"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr></table><p> 28 28 <a class="indexterm" name="id386766"></a> 29 <a class="indexterm" name="id38677 2"></a>29 <a class="indexterm" name="id386773"></a> 30 30 <a class="indexterm" name="id386779"></a> 31 31 <a class="indexterm" name="id386786"></a> … … 37 37 </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 38 38 <a class="indexterm" name="id386801"></a> 39 <a class="indexterm" name="id38680 7"></a>39 <a class="indexterm" name="id386808"></a> 40 40 <a class="indexterm" name="id386814"></a> 41 41 The use of winbind is necessary only when Samba is the trusting domain, not when it is the … … 51 51 <a class="indexterm" name="id386863"></a> 52 52 <a class="indexterm" name="id386870"></a> 53 <a class="indexterm" name="id38687 6"></a>53 <a class="indexterm" name="id386877"></a> 54 54 Given that Samba-3 can function with a scalable backend authentication database such as LDAP, and given its 55 55 ability to run in primary as well as backup domain control modes, the administrator would be well-advised to … … 60 60 <a class="indexterm" name="id386897"></a> 61 61 <a class="indexterm" name="id386904"></a> 62 <a class="indexterm" 
name="id38691 0"></a>62 <a class="indexterm" name="id386911"></a> 63 63 <a class="indexterm" name="id386917"></a> 64 64 <a class="indexterm" name="id386924"></a> … … 73 73 <a class="indexterm" name="id386951"></a> 74 74 <a class="indexterm" name="id386958"></a> 75 <a class="indexterm" name="id38696 4"></a>75 <a class="indexterm" name="id386965"></a> 76 76 <a class="indexterm" name="id386971"></a> 77 77 Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means … … 83 83 <a class="indexterm" name="id386985"></a> 84 84 <a class="indexterm" name="id386992"></a> 85 <a class="indexterm" name="id38699 8"></a>85 <a class="indexterm" name="id386999"></a> 86 86 <a class="indexterm" name="id387005"></a> 87 87 <a class="indexterm" name="id387012"></a> … … 113 113 <a class="indexterm" name="id387110"></a> 114 114 <a class="indexterm" name="id387117"></a> 115 <a class="indexterm" name="id38712 3"></a>115 <a class="indexterm" name="id387124"></a> 116 116 <a class="indexterm" name="id387130"></a> 117 117 New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way by default. … … 120 120 domains. Samba-3 implements MS Windows NT4-style interdomain trusts and interoperates with MS Windows 200x ADS 121 121 security domains in similar manner to MS Windows NT4-style domains. 
122 </p></div><div class="sect1" title="Native MS Windows NT4 Trusts Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id38714 3"></a>Native MS Windows NT4 Trusts Configuration</h2></div></div></div><p>123 <a class="indexterm" name="id38715 1"></a>122 </p></div><div class="sect1" title="Native MS Windows NT4 Trusts Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387144"></a>Native MS Windows NT4 Trusts Configuration</h2></div></div></div><p> 123 <a class="indexterm" name="id387152"></a> 124 124 <a class="indexterm" name="id387161"></a> 125 <a class="indexterm" name="id38716 7"></a>125 <a class="indexterm" name="id387168"></a> 126 126 There are two steps to creating an interdomain trust relationship. To effect a two-way trust 127 127 relationship, it is necessary for each domain administrator to create a trust account for the 128 128 other domain to use in verifying security credentials. 129 </p><div class="sect2" title="Creating an NT4 Domain Trust"><div class="titlepage"><div><div><h3 class="title"><a name="id38717 7"></a>Creating an NT4 Domain Trust</h3></div></div></div><p>129 </p><div class="sect2" title="Creating an NT4 Domain Trust"><div class="titlepage"><div><div><h3 class="title"><a name="id387178"></a>Creating an NT4 Domain Trust</h3></div></div></div><p> 130 130 <a class="indexterm" name="id387185"></a> 131 131 <a class="indexterm" name="id387192"></a> … … 158 158 </p></div><div class="sect2" title="Interdomain Trust Facilities"><div class="titlepage"><div><div><h3 class="title"><a name="id387348"></a>Interdomain Trust Facilities</h3></div></div></div><p> 159 159 <a class="indexterm" name="id387356"></a> 160 <a class="indexterm" name="id38736 2"></a>160 <a class="indexterm" name="id387363"></a> 161 161 <a class="indexterm" name="id387369"></a> 162 162 <a class="indexterm" name="id387376"></a> … … 210 210 <a class="indexterm" name="id387565"></a> 211 211 <a 
class="indexterm" name="id387572"></a> 212 <a class="indexterm" name="id38757 8"></a>212 <a class="indexterm" name="id387579"></a> 213 213 <a class="indexterm" name="id387585"></a> 214 214 Each of the procedures described next assumes the peer domain in the trust relationship is controlled by a … … 243 243 <a class="indexterm" name="id387706"></a> 244 244 <a class="indexterm" name="id387713"></a> 245 <a class="indexterm" name="id3877 19"></a>245 <a class="indexterm" name="id387720"></a> 246 246 The account name will be <span class="quote">“<span class="quote">rumba$</span>”</span> (the name of the remote domain). 247 247 If this fails, you should check that the trust account has been added to the system … … 261 261 </p><p> 262 262 <a class="indexterm" name="id387780"></a> 263 <a class="indexterm" name="id38778 6"></a>263 <a class="indexterm" name="id387787"></a> 264 264 <a class="indexterm" name="id387793"></a> 265 265 <a class="indexterm" name="id387800"></a> … … 288 288 the relationship. 289 289 </p><p> 290 <a class="indexterm" name="id38794 4"></a>290 <a class="indexterm" name="id387945"></a> 291 291 <a class="indexterm" name="id387951"></a> 292 292 The password can be arbitrarily chosen. It is easy to change the password from the Samba server whenever you
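Review bot: Every changed line visible in this file is a renumbered DocBook-generated anchor (for example `name="id387144"` and `name="id387178"` on the section headings, with the matching `href="InterdomainTrusts.html#id387144"` and `#id387178` entries in the table of contents), each one higher than in r597; the visible hunks contain no wording changes. Because these ids shift whenever the documentation is regenerated, bookmarks and external links to section anchors break, and the vendor import carries churn that makes real content changes harder to spot in review. Consider giving the sections explicit ids in the DocBook source, as is already done for `samba-trusted-domain`, so the generated HTML stays stable across imports.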