Samba HowTo Guide

Interdomain Trusts

Interdomain trust relationships form the primary mechanism by which users from one domain can be granted access rights and privileges in another domain.

To discover what trust relationships are in effect, execute this command:

root#  net rpc trustdom list -Uroot%not24get
Trusted domains list:

none

Trusting domains list:

none

There are no interdomain trusts at this time; the following steps will create them.

It is necessary to create a trust account in the local domain. A domain controller in a second domain can create a trusted connection with this account. That means that the foreign domain is being trusted to access resources in the local domain. This command creates the local trust account:

root#  net rpc trustdom add DAMNATION f00db4r -Uroot%not24get

The account can be revealed by using pdbedit as shown here:

root#  pdbedit -Lw DAMNATION\$
DAMNATION$:1016:9AC1F121DF897688AAD3B435B51404EE: \
7F845808B91BB9F7FEF44B247D9DC9A6:[I         ]:LCT-428934B1:

A trust account will always have an I in the field within the square brackets.

If the trusting domain cannot be reached, the following command will fail:

root#  net rpc trustdom list -Uroot%not24get
Trusted domains list:

none

Trusting domains list:

DAMNATION           S-1-5-21-1385457007-882775198-1210191635

The above command executed successfully; a failure is indicated when the following response is obtained:

root#  net rpc trustdom list -Uroot%not24get
Trusted domains list:

DAMNATION           S-1-5-21-1385457007-882775198-1210191635

Trusting domains list:

DAMNATION           domain controller is not responding

Where a trust account has been created on a foreign domain, Samba is able to establish the trust with (connect to) that foreign account. In the process it creates a one-way trust to the resources on the remote domain. This command joins the trust relationship:

root#  net rpc trustdom establish DAMNATION
Password: xxxxxxx	== f00db4r
Could not connect to server TRANSGRESSION
Trust to domain DAMNATION established

The two-way trust now established can be validated as shown here:

root#  net rpc trustdom list -Uroot%not24get
Trusted domains list:

DAMNATION           S-1-5-21-1385457007-882775198-1210191635

Trusting domains list:

DAMNATION           S-1-5-21-1385457007-882775198-1210191635

Sometimes it is necessary to remove the ability for local users to access a foreign domain. The trusting connection can be revoked as shown here:

root#  net rpc trustdom revoke DAMNATION -Uroot%not24get

At other times it becomes necessary to remove the ability of users from a foreign domain to access resources in the local domain. The command shown here will do that:

root#  net rpc trustdom del DAMNATION -Uroot%not24get

Published under the terms of the GNU General Public License