Setting up domain trusts on SLES (Samba) Servers

This document (7005575) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 10 (SLES 10)
Samba

Situation

Brief instructions with basic information on setting up domain trusts between Windows and SLES servers running Samba.

Resolution

First, a brief example to explain how a domain trust conversation takes place: 
  1. FRED contacts SRV1 to access a resource
  2. SRV1 contacts domA PDC for authentication verification
  3. domA PDC uses the domA$ account to ask domB PDC "Do you know FRED and is this the correct auth info?"
  4. domB PDC says "yes" to domA PDC
  5. domA PDC says "yes" to SRV1
  6. SRV1 lets FRED access the resource
 
 
 
SLES:
 
When setting up domain trusts, say between windows and SLES (samba) the following must be done, even to just set up trusts in one direction.
  1. You must create a trust account on the windows side
  2. Connect to the windows box, from the samba side, using that user account
  3. Next, run the following: net rpc trustdom establish

To describe in more details, say we are trying to setup trusts between two samba servers:

  1. Assume you have two domains: domA and domB
  2. On domA's DC: "net rpc trustdom add domB <password>" (this will create an account called domB$ on domA)
  3. On domB, run the following using the password in number 2 above: "net rpc trustdom establish domA": Enter password when prompted
Once this is completed, the trust is established. This is a one-way trust.  If you do the same, reversing roles, you've established the trust in the other direction.  This is now a two-way trust.
 
The trusts can be listed with the following command:
  • net rpc trustdom list (this will list trusting and trusted domains)

This works the same way with windows using a GUI, which varies depending on the release of windows.

WINDOWS:

(Note: The following are just provided as examples and may not be exactly the type of trust desired.  See Microsoft for more details on setting up domain trusts on Windows servers)

Windows 2000:

START > PROGRAMS > ADMINISTRATIVE TOOLS > ACTIVE DIRECTORY DOMAINS AND TRUSTS > Right Click on Domain > PROPERTIES > TRUSTS tab > Add Samba server domain (keep passwords same); click OK despite warning/error

Windows 2003/2008:

START > PROGRAMS > ADMINISTRATIVE TOOLS > ACTIVE DIRECTORY DOMAINS AND TRUSTS > Right Click on Domain > PROPERTIES > TRUSTS tab > NEW TRUST button > NEXT > Enter Samba Domain and NEXT > REALM TRUST radio button and NEXT > NONTRANSITIVE radio button and NEXT > TWO-WAY radio button and NEXT (if that is what is wanted) > Enter passwords and NEXT > NEXT > FINISH > OK

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7005575
  • Creation Date: 31-Mar-2010
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center