On Thu, 2008-07-31 at 08:46 +0200, Stefan (metze) Metzmacher wrote: > Andrew Bartlett schrieb: > > I am requesting correction assistance regarding trusted domain objects: > > > > What is the relationship between the trusted domain object under > > cn=users,... and that under cn=system,...? > > > > The documentation in MS-ADTS 7.1.6 does not seen to cover the 'user' > > type objects. How and when are the passwords updated in both objects, > > and what linkage is made between the two objects (I would have expected > > a DN forward and reverse link, such as between the computer account and > > it's entry in cn=configuration) > > I assume the one in cn=otherdomain1,cn=users, is the trust account, if > your domain trusts 'otherdomain1'. It matches what samba3 has in it's > passdb. > > And cn=otherdomain2, cn=system, holds information you need to contact > 'otherdomain2', which itself trusts your domain. It matches what > samba3 has in the secrets.tdb. > > I'm not 100% if this is correct...
This is what I always assumed, but then the cn=system account has (and the documentation goes to great lengths to explain) trustAuthIncoming and trustAuthOutgoing, which implies that the CN=system holds the full details - except then what is the cn=users account for? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
