Well, the idea was to have OLDDOMAIN and NEWDOMAIN authenticating users simultaneously as we migrate people to NEWDOMAIN in a controlled/progressive rollout. I assume my samba box will no longer act as a domain controller if I make it a member server of the 2008 box, but I would actually like to be wrong on this point. ;-)

On Sun, 17 Jan 2010 18:03:13 +1030 "malz" <[email protected]> wrote:

> As a thought, can you put the Samba box in as a member server of the
> Server 2008 AD? Run the 2008 Server in 2003 AD mode and it will work
> perfectly. I have done this successfully.
>
> 2008 AD Server (DNS/AD/WINS)
> Suse 11.0 Member server (Samba version 3.4.4-1.1-2267-SUSE-CODE11)
> (F&P, Postfix Mail)
>
> You won't have to worry about your trust issues this way.
>
> Cheers
> Mal
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Steve Chupack
> Sent: Sunday, 17 January 2010 2:44 AM
> To: [email protected]
> Subject: [Samba] Domain trusts and samba member servers
>
> Below is something I posted a while ago and got no responses... Maybe it
> was too convoluted for anyone to bother with, so let me try and put it
> more simply.
>
> I have a Win Server 2008 AD box (NEWDOMAIN) which is trusted by my samba
> DC (OLDDOMAIN). Users on NEWDOMAIN can access resources on the OLDDOMAIN
> DC just fine. But the trust relationship is not recognized or respected
> by my samba member servers in OLDDOMAIN.
>
> So, very simply put, even if nobody has the specific howto: Do samba
> member servers understand interdomain trusts?
>
> Thanks for any and all input -- I am at a standstill with a fairly major
> project and any help at all would be greatly appreciated. I have a
> suspicion it has something to do with winbind on the member servers, but
> I'm having no luck.
>
> On Thu, 6 Aug 2009 08:39:51 -0400
> Steve Chupack <[email protected]> wrote:
>
> > I'm in the process of migrating from a Samba PDC to a Win2k3 PDC (all
> > member servers will remain as Samba boxes).
> >
> > NEWDOMAIN = new Win2k3 PDC
> > OLDDOMAIN = current samba PDC
> > OLDDOMAIN_MEMBER = a current samba box that's a member of OLDDOMAIN
> >
> > I've successfully established a trust relationship between OLDDOMAIN
> > and NEWDOMAIN where OLDDOMAIN trusts NEWDOMAIN. Users in NEWDOMAIN have
> > full access to resources on the OLDDOMAIN PDC.
> >
> > Where I'm stuck is granting access to OLDDOMAIN_MEMBER to users in
> > NEWDOMAIN. OLDDOMAIN_MEMBER is joined to OLDDOMAIN and works as expected
> > (Users in OLDDOMAIN can access resources on OLDDOMAIN_MEMBER). But users
> > in NEWDOMAIN do not.
> >
> > Can someone help with the general concept here? Should it work as I've
> > configured it? Does OLDDOMAIN_MEMBER need to be running winbind against
> > OLDDOMAIN PDC, or even NEWDOMAIN? (although I don't see how the latter
> > would work without moving OLDDOMAIN_MEMBER to NEWDOMAIN).
> >
> > Sorry if this is confusing -- tried to make it as clear as possible.
> >
> > Steve
