Also: I'm not sure I follow what's being said about AD access control, but the comment "my admin account has read-only access to the user accounts" worries me a bit. In builds before 142, the configuration needs to be such that our machine account has read access to any user records that are going to be used.

(BTW, that requirement, and the requirement for a 2-way trust, continues past build 142 if you use AD directory-based mapping.)

Alan Wright wrote:
The SMB service fully supports trusts in snv_134 but due to
an idmap limitation only two-way trusts will work on that build.
You would need snv_142 to use a one-way trust, which I suspect
is what you are describing below.

Alan

-------- Original Message --------
Subject: [cifs-discuss] Are domain trusts supported?
Date: Thu, 02 Sep 2010 18:11:43 PDT
From: artiepen <no-re...@opensolaris.org>
To: cifs-discuss@opensolaris.org

We currently have a test machine running snv_134 and we'd like to try it in our AD environment. Our AD environment has two domains: dom1.com and dom2.com with a Forest trust.

I can only create computer accounts in dom1.com; dom2.com has user accounts and I cannot create computer accounts, but my admin account has read-only access to the user accounts (so that I can add the user objects to Universal groups in dom1.com).

I've created a computer account in dom1.com and joined the osol test machine to it. I've made some shares. My administrative account can read/write to those shares, but when I log into a Windows machine with my dom2.com account, I get "Access Denied".

Is there some special way to configure cifs to allow the account from dom2.com to write?

_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

