Good morning Andrew (and Stefan)! I have created a new case (SRX080731600024) for your questions; one of our team will take ownership of this shortly, and will contact you concerning same.
Regards, Bill Wesse MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: 980-776-8200 CELL: 704-661-5438 FAX: 704-665-9606 We're Hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2008 2:54 AM To: Stefan (metze) Metzmacher Cc: Interoperability Documentation Help; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Pfif] Relationship between trusted domain object On Thu, 2008-07-31 at 08:46 +0200, Stefan (metze) Metzmacher wrote: > Andrew Bartlett schrieb: > > I am requesting correction assistance regarding trusted domain objects: > > > > What is the relationship between the trusted domain object under > > cn=users,... and that under cn=system,...? > > > > The documentation in MS-ADTS 7.1.6 does not seen to cover the 'user' > > type objects. How and when are the passwords updated in both > > objects, and what linkage is made between the two objects (I would > > have expected a DN forward and reverse link, such as between the > > computer account and it's entry in cn=configuration) > > I assume the one in cn=otherdomain1,cn=users, is the trust account, if > your domain trusts 'otherdomain1'. It matches what samba3 has in it's > passdb. > > And cn=otherdomain2, cn=system, holds information you need to contact > 'otherdomain2', which itself trusts your domain. It matches what > samba3 has in the secrets.tdb. > > I'm not 100% if this is correct... This is what I always assumed, but then the cn=system account has (and the documentation goes to great lengths to explain) trustAuthIncoming and trustAuthOutgoing, which implies that the CN=system holds the full details - except then what is the cn=users account for? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
