Diffstat (limited to 'docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html')
-rw-r--r-- docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html 38
1 files changed, 19 insertions, 19 deletions
diff --git a/docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html b/docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html
index 5508f0c2a0..84fc97fb92 100644
--- a/docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html
+++ b/docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 19. Interdomain Trust Relationships</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="The Official Samba 3.5.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="securing-samba.html" title="Chapter 18. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 20. Hosting a Microsoft Distributed File System Tree"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 19. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 19. Interdomain Trust Relationships"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 19. 
Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:mimir@samba.org">mimir@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><span class="contrib">drawing</span> <div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</code></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="InterdomainTrusts.html#id386823">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id386889">Trust Relationship Background</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id387143">Native MS Windows NT4 Trusts Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a 
href="InterdomainTrusts.html#id387177">Creating an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387268">Completing an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387348">Interdomain Trust Facilities</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id387544">Configuring Samba NT-Style Domain Trusts</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#samba-trusted-domain">Samba as the Trusted Domain</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387860">Samba as the Trusting Domain</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id388043">NT4-Style Domain Trusts with Windows 2000</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id388180">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id388191">Browsing of Trusted Domain Fails</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id388228">Problems with LDAP ldapsam and Older Versions of smbldap-tools</a></span></dt></dl></dd></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 19. Interdomain Trust Relationships</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="The Official Samba 3.5.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="securing-samba.html" title="Chapter 18. Securing Samba"><link rel="next" href="msdfs.html" title="Chapter 20. Hosting a Microsoft Distributed File System Tree"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 19. Interdomain Trust Relationships</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="securing-samba.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="msdfs.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 19. Interdomain Trust Relationships"><div class="titlepage"><div><div><h2 class="title"><a name="InterdomainTrusts"></a>Chapter 19. 
Interdomain Trust Relationships</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Rafal</span> <span class="surname">Szczesniak</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:mimir@samba.org">mimir@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><span class="contrib">drawing</span> <div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</code></p></div></div></div></div><div><p class="pubdate">April 3, 2003</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="InterdomainTrusts.html#id386823">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id386889">Trust Relationship Background</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id387144">Native MS Windows NT4 Trusts Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a 
href="InterdomainTrusts.html#id387178">Creating an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387268">Completing an NT4 Domain Trust</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387348">Interdomain Trust Facilities</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id387544">Configuring Samba NT-Style Domain Trusts</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#samba-trusted-domain">Samba as the Trusted Domain</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id387860">Samba as the Trusting Domain</a></span></dt></dl></dd><dt><span class="sect1"><a href="InterdomainTrusts.html#id388043">NT4-Style Domain Trusts with Windows 2000</a></span></dt><dt><span class="sect1"><a href="InterdomainTrusts.html#id388180">Common Errors</a></span></dt><dd><dl><dt><span class="sect2"><a href="InterdomainTrusts.html#id388191">Browsing of Trusted Domain Fails</a></span></dt><dt><span class="sect2"><a href="InterdomainTrusts.html#id388228">Problems with LDAP ldapsam and Older Versions of smbldap-tools</a></span></dt></dl></dd></dl></div><p>
<a class="indexterm" name="id386616"></a>
<a class="indexterm" name="id386623"></a>
<a class="indexterm" name="id386630"></a>
<a class="indexterm" name="id386636"></a>
<a class="indexterm" name="id386643"></a>
-<a class="indexterm" name="id386649"></a>
+<a class="indexterm" name="id386650"></a>
<a class="indexterm" name="id386656"></a>
<a class="indexterm" name="id386663"></a>
<a class="indexterm" name="id386670"></a>
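Review bot: The only differences inside the two replaced header lines are the table-of-contents fragments `#id387143` becoming `#id387144` and `#id387177` becoming `#id387178`, which is very hard to see in a single multi-kilobyte line and means any bookmark or external link to the old fragments now lands at the top of the page. The same table of contents already shows a stable, hand-assigned anchor (`InterdomainTrusts.html#samba-trusted-domain`); giving the "Native MS Windows NT4 Trusts Configuration" and "Creating an NT4 Domain Trust" sections explicit ids in the DocBook source in the same way would stop these links from moving on every rebuild.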
@@ -15,7 +15,7 @@ some background information regarding trust relationships and how to create them
possible for Samba-3 to trust NT4 (and vice versa), as well as to create Samba-to-Samba
trusts.
</p><p>
-<a class="indexterm" name="id386683"></a>
+<a class="indexterm" name="id386684"></a>
<a class="indexterm" name="id386690"></a>
<a class="indexterm" name="id386697"></a>
<a class="indexterm" name="id386704"></a>
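Review bot: The single changed line here moves an auto-generated indexterm anchor from `id386683` to `id386684` with no change to the surrounding text, and the rest of the patch repeats that pattern (19 insertions, 19 deletions, each an id shifted by one). Since the page is generated output (the header names DocBook XSL Stylesheets V1.75.2 as the generator), this is rebuild churn rather than a documentation change; the commit message should say so, and it is worth considering whether the generated HTML needs to be committed at all or could be built from the DocBook source at release time so that real content changes are not buried in id noise.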
@@ -26,7 +26,7 @@ dependent on the specification of a valid UID range and a valid GID range in the
These are specified respectively using:
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><a class="indexterm" name="id386743"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id386754"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr></table><p>
<a class="indexterm" name="id386766"></a>
-<a class="indexterm" name="id386772"></a>
+<a class="indexterm" name="id386773"></a>
<a class="indexterm" name="id386779"></a>
<a class="indexterm" name="id386786"></a>
The range of values specified must not overlap values used by the host operating system and must
@@ -36,7 +36,7 @@ limited parameter. Linux kernel 2.6-based systems support a maximum value of 429
(32-bit unsigned variable).
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
<a class="indexterm" name="id386801"></a>
-<a class="indexterm" name="id386807"></a>
+<a class="indexterm" name="id386808"></a>
<a class="indexterm" name="id386814"></a>
The use of winbind is necessary only when Samba is the trusting domain, not when it is the
trusted domain.
@@ -50,7 +50,7 @@ trust relationships. This imparts to Samba scalability similar to that with MS W
<a class="indexterm" name="id386856"></a>
<a class="indexterm" name="id386863"></a>
<a class="indexterm" name="id386870"></a>
-<a class="indexterm" name="id386876"></a>
+<a class="indexterm" name="id386877"></a>
Given that Samba-3 can function with a scalable backend authentication database such as LDAP, and given its
ability to run in primary as well as backup domain control modes, the administrator would be well-advised to
consider alternatives to the use of interdomain trusts simply because, by the very nature of how trusts
@@ -59,7 +59,7 @@ Microsoft Active Directory.
</p></div><div class="sect1" title="Trust Relationship Background"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386889"></a>Trust Relationship Background</h2></div></div></div><p>
<a class="indexterm" name="id386897"></a>
<a class="indexterm" name="id386904"></a>
-<a class="indexterm" name="id386910"></a>
+<a class="indexterm" name="id386911"></a>
<a class="indexterm" name="id386917"></a>
<a class="indexterm" name="id386924"></a>
<a class="indexterm" name="id386931"></a>
@@ -72,7 +72,7 @@ large and diverse organizations.
<a class="indexterm" name="id386944"></a>
<a class="indexterm" name="id386951"></a>
<a class="indexterm" name="id386958"></a>
-<a class="indexterm" name="id386964"></a>
+<a class="indexterm" name="id386965"></a>
<a class="indexterm" name="id386971"></a>
Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means
of circumventing the limitations of the older technologies. Not every organization is ready
@@ -82,7 +82,7 @@ desire to go through a disruptive change to adopt ADS.
</p><p>
<a class="indexterm" name="id386985"></a>
<a class="indexterm" name="id386992"></a>
-<a class="indexterm" name="id386998"></a>
+<a class="indexterm" name="id386999"></a>
<a class="indexterm" name="id387005"></a>
<a class="indexterm" name="id387012"></a>
<a class="indexterm" name="id387019"></a>
@@ -112,21 +112,21 @@ Relationships are explicit and not transitive.
<a class="indexterm" name="id387103"></a>
<a class="indexterm" name="id387110"></a>
<a class="indexterm" name="id387117"></a>
-<a class="indexterm" name="id387123"></a>
+<a class="indexterm" name="id387124"></a>
<a class="indexterm" name="id387130"></a>
New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way by default.
Also, all inter-ADS domain trusts are transitive. In the case of the red, white, and blue domains, with
Windows 2000 and ADS, the red and blue domains can trust each other. This is an inherent feature of ADS
domains. Samba-3 implements MS Windows NT4-style interdomain trusts and interoperates with MS Windows 200x ADS
security domains in similar manner to MS Windows NT4-style domains.
-</p></div><div class="sect1" title="Native MS Windows NT4 Trusts Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387143"></a>Native MS Windows NT4 Trusts Configuration</h2></div></div></div><p>
-<a class="indexterm" name="id387151"></a>
+</p></div><div class="sect1" title="Native MS Windows NT4 Trusts Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387144"></a>Native MS Windows NT4 Trusts Configuration</h2></div></div></div><p>
+<a class="indexterm" name="id387152"></a>
<a class="indexterm" name="id387161"></a>
-<a class="indexterm" name="id387167"></a>
+<a class="indexterm" name="id387168"></a>
There are two steps to creating an interdomain trust relationship. To effect a two-way trust
relationship, it is necessary for each domain administrator to create a trust account for the
other domain to use in verifying security credentials.
-</p><div class="sect2" title="Creating an NT4 Domain Trust"><div class="titlepage"><div><div><h3 class="title"><a name="id387177"></a>Creating an NT4 Domain Trust</h3></div></div></div><p>
+</p><div class="sect2" title="Creating an NT4 Domain Trust"><div class="titlepage"><div><div><h3 class="title"><a name="id387178"></a>Creating an NT4 Domain Trust</h3></div></div></div><p>
<a class="indexterm" name="id387185"></a>
<a class="indexterm" name="id387192"></a>
<a class="indexterm" name="id387199"></a>
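Review bot: The two section heading anchors renamed in this hunk (`name="id387143"` to `name="id387144"` and `name="id387177"` to `name="id387178"`) agree with the new table-of-contents hrefs at the top of the file, but the diffstat is limited to this one file, so nothing visible here confirms that other chapters linking to `InterdomainTrusts.html#id387143` or `#id387177` were regenerated in the same commit. Please search the rest of `docs/htmldocs` for the old fragment ids before merging, and note that the neighbouring anchors `id387268` and `id387348` did not move, which confirms the renumbering is a generator artifact and not a restructuring of the chapter.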
@@ -157,7 +157,7 @@ next to the box that is labeled <span class="guilabel">Trusted Domains</span>. A
must be entered the name of the remote domain as well as the password assigned to that trust.
</p></div><div class="sect2" title="Interdomain Trust Facilities"><div class="titlepage"><div><div><h3 class="title"><a name="id387348"></a>Interdomain Trust Facilities</h3></div></div></div><p>
<a class="indexterm" name="id387356"></a>
-<a class="indexterm" name="id387362"></a>
+<a class="indexterm" name="id387363"></a>
<a class="indexterm" name="id387369"></a>
<a class="indexterm" name="id387376"></a>
<a class="indexterm" name="id387383"></a>
@@ -209,7 +209,7 @@ is at an early stage, so do not be surprised if something does not function as i
</p><p>
<a class="indexterm" name="id387565"></a>
<a class="indexterm" name="id387572"></a>
-<a class="indexterm" name="id387578"></a>
+<a class="indexterm" name="id387579"></a>
<a class="indexterm" name="id387585"></a>
Each of the procedures described next assumes the peer domain in the trust relationship is controlled by a
Windows NT4 server. However, the remote end could just as well be another Samba-3 domain. It can be clearly
@@ -242,7 +242,7 @@ account with the Interdomain trust flag</span>&#8221;</span>.
<a class="indexterm" name="id387699"></a>
<a class="indexterm" name="id387706"></a>
<a class="indexterm" name="id387713"></a>
-<a class="indexterm" name="id387719"></a>
+<a class="indexterm" name="id387720"></a>
The account name will be <span class="quote">&#8220;<span class="quote">rumba$</span>&#8221;</span> (the name of the remote domain).
If this fails, you should check that the trust account has been added to the system
password database (<code class="filename">/etc/passwd</code>). If it has not been added, you
@@ -260,7 +260,7 @@ appropriate for your configuration) and see that the account's name is really RU
Windows NT Server.
</p><p>
<a class="indexterm" name="id387780"></a>
-<a class="indexterm" name="id387786"></a>
+<a class="indexterm" name="id387787"></a>
<a class="indexterm" name="id387793"></a>
<a class="indexterm" name="id387800"></a>
<a class="indexterm" name="id387807"></a>
@@ -287,7 +287,7 @@ Now, next to the <span class="guilabel">Trusting Domains</span> box, press the <
button and type in the name of the trusted domain (SAMBA) and the password to use in securing
the relationship.
</p><p>
-<a class="indexterm" name="id387944"></a>
+<a class="indexterm" name="id387945"></a>
<a class="indexterm" name="id387951"></a>
The password can be arbitrarily chosen. It is easy to change the password from the Samba server whenever you
want. After you confirm the password, your account is ready for use. Now its Samba's turn.
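Review bot: The context text regenerated around this hunk still reads "Now its Samba's turn", which should be "it's", and it tells the administrator that the trust password "can be arbitrarily chosen" without any guidance, even though the preceding sentence describes it as the password used "in securing the relationship". Since the HTML is being rebuilt anyway, fix the typo in the DocBook source and consider adding a sentence there recommending a long, randomly generated value for the trust account password, so the fix survives the next regeneration instead of being made in this generated file.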