Web lists-archives.com

[Samba] status on samba trusts




Hi,

Having read the release notes on the status of trusts within samba, we see for 4.9

> "improved support for trusted domains"

but we also always see these messages:

> "Both sides of the trust need to fully trust each other!"
and
> "DCs of domain A can grant domain admin rights in domain B"

What we would like to achieve is a one-way incoming trust with a (large) external native windows AD domain, to make their users able to access our (samba) domain member fileservers.

So, samba would be the "trusting (resource) domain", and the large native windows AD domain would be the "trusted (account) domain".

We don't need access to the trusted domain groups and other info, and we would not like remote "domain admins" to be become domain admins in our samba domain.

Is the above possible with samba at the moment?

Thanks!
MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba