The setup is working on both side, the only difference between what is written in Samba HOWTO is, as i said in a previous message:
- configure DNS on the Samba server so that the Samba server can resolv Active Directory special DNS names (i had to install a local correctly configured bind caching nameserver cause the guy who is using the Active Directory server didn't used our company global DNS) - configure Kerberos client on the Samba server (the same way you do it when Samba is an Active Directory member server) Now i can "see" Active Directory users and groups on the Samba server (with wbinfo) and Active Directory "see" the Samba users and groups. 2008/10/27 Steven Geerts <[EMAIL PROTECTED]>: > Can you share us some more information on how you configured everyting. > > Did you try trusting a 2003 AD domain to your samba domain? > > Should be great if this was possible? > > Best regards > > steven > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Sébastien Prud'homme > Sent: maandag 27 oktober 2008 13:16 > To: Gerald Carter > Cc: samba@lists.samba.org > Subject: Re: [Samba] Re: Interdomain trust between Samba and W2003 ADS in > native mode > > Thanks. > > FYI i have set up my Samba system to use the ADS DNS and i've > configured /etc/krb5.conf with the ADS realm and now i can see ADS > users and groups with wbinfo :-) > > I also changed some Samba conf as read in Red Hat Knowlegde Base (my > distro is RHEL5.2): > client schannel = No > client use spnego = No > server signing = Auto > > 2008/10/25 Gerald Carter <[EMAIL PROTECTED]>: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hey Ryan, >> >>> Samba3 cannot act as an AD domain controller and therefore cannot >>> operate in a trust with a native mode AD domain. Samba4 will be able >>> to do this but it is still under heavy development. >>> >>> If you put your AD domain in mixed mode, you should be able to create >>> the trust although I'm not sure if you can convert a native to mixed >>> mode or not... >> >> This is incorrect. Native mode AD can have trusts with NT4 domains >> (and therefore with Sambas as well). >> >> >> >> >> >> cheers, jerry >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.6 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFJA2CAIR7qMdg1EfYRAgozAKDC8+hK93zGK0NTA6U1WGrCqV88/gCg2Z/I >> PPW3rEqIWTlJiAUVTTMmtT8= >> =+V6v >> -----END PGP SIGNATURE----- >> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba