Setting up domain trusts on SLES (Samba) Servers
This document (7005575) is provided subject to the disclaimer at the end of this document.
Environment
Situation
Resolution
- FRED contacts SRV1 to access a resource
- SRV1 contacts domA PDC for authentication verification
- domA PDC uses the domA$ account to ask domB PDC "Do you know FRED and is this the correct auth info?"
- domB PDC says "yes" to domA PDC
- domA PDC says "yes" to SRV1
- SRV1 lets FRED access the resource
- You must create a trust account on the Windows side
- Connect to the Windows box, from the Samba side, using that user account
- Next, run the following: net rpc trustdom establish
To describe this in more detail, say we are trying to set up trusts between two Samba servers:
- Assume you have two domains: domA and domB
- On domA's DC: "net rpc trustdom add domB <password>" (this will create an account called domB$ on domA)
- On domB, run "net rpc trustdom establish domA" and, when prompted, enter the password from number 2 above
- net rpc trustdom list (this will list trusting and trusted domains)
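The final list step can be turned into a scripted check that the expected domain shows up in each direction. This is an added example, not part of the original SUSE document; the function names are hypothetical, and the output layout of "net rpc trustdom list" (two headed sections with "NAME SID" lines or "none") is an assumption, as is the constructed sample with a placeholder SID.

```shell
#!/bin/sh
# Check `net rpc trustdom list` output for an expected domain.
# Assumed layout (not shown on the page): a "Trusted domains list:" heading
# and a "Trusting domains list:" heading, each followed by "NAME  SID"
# lines, or by "none" when the section is empty.

# trust_listed SECTION DOMAIN   (list output on stdin)
# SECTION is "trusted" or "trusting"; exit 0 if DOMAIN is in that section.
trust_listed() {
    awk -v want="$1" -v dom="$2" '
        BEGIN { dom = toupper(dom); sub(/\$$/, "", dom) }
        /^Trusted domains list:/  { sect = "trusted";  next }
        /^Trusting domains list:/ { sect = "trusting"; next }
        sect == want && NF >= 1 && $1 != "none" {
            name = toupper($1); sub(/\$$/, "", name)   # tolerate a trailing $
            if (name == dom) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: domB after "net rpc trustdom establish domA".
# domB trusts domA; no domain trusts domB. The SID is a placeholder.
sample_list() {
    cat <<'EOF'
Trusted domains list:

DOMA                S-1-5-21-1111111111-2222222222-3333333333

Trusting domains list:

none
EOF
}

# verify_trust DOMAIN   (list output on stdin)
# Reports each direction; returns 0 only when the trust is two-way.
verify_trust() {
    out=$(cat)
    rc=0
    for sect in trusted trusting; do
        if printf '%s\n' "$out" | trust_listed "$sect" "$1"; then
            echo "$1: present in $sect list"
        else
            echo "$1: MISSING from $sect list"; rc=1
        fi
    done
    return $rc
}

# Live use on a Samba DC:  net rpc trustdom list | verify_trust domA
sample_list | verify_trust domA || echo "trust with domA is one-way or absent"
```

A one-way result is expected after the steps above; a trust that appears in a direction nobody configured is the case worth investigating.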
The trust setup works the same way with Windows using a GUI, which varies depending on the release of Windows.
WINDOWS:
(Note: The following are just provided as examples and may not be exactly the type of trust desired. See Microsoft for more details on setting up domain trusts on Windows servers)
Windows 2000:
START > PROGRAMS > ADMINISTRATIVE TOOLS > ACTIVE DIRECTORY DOMAINS AND TRUSTS > Right Click on Domain > PROPERTIES > TRUSTS tab > Add Samba server domain (keep passwords same); click OK despite warning/error
Windows 2003/2008:
START > PROGRAMS > ADMINISTRATIVE TOOLS > ACTIVE DIRECTORY DOMAINS AND TRUSTS > Right Click on Domain > PROPERTIES > TRUSTS tab > NEW TRUST button > NEXT > Enter Samba Domain and NEXT > REALM TRUST radio button and NEXT > NONTRANSITIVE radio button and NEXT > TWO-WAY radio button and NEXT (if that is what is wanted) > Enter passwords and NEXT > NEXT > FINISH > OK
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7005575
- Creation Date: 31-Mar-2010
- Modified Date: 10-Jan-2022
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com