Chapter 18. Interdomain Trust Relationships
Jelmer R. Vernooij
Samba-3 supports NT4-style domain trust relationships. This is a feature that many sites
will want to use if they migrate to Samba-3 from an NT4-style domain and do not want to
adopt Active Directory or an LDAP-based authentication backend. This chapter explains
some background information regarding trust relationships and how to create them. It is now
possible for Samba-3 to trust NT4 (and vice versa), as well as to create Samba-to-Samba
trusts.
The use of interdomain trusts requires use of winbind, so the winbindd daemon must be running.
Winbind operation in this mode is dependent on the specification of a valid UID range and a
valid GID range in the smb.conf file. These are specified respectively using:
idmap uid = 10000-20000
idmap gid = 10000-20000
The range of values specified must not overlap values used by the host operating system and must
not overlap values used in the passdb backend for POSIX user accounts. The maximum value is
limited by the uppermost value permitted by the host operating system; this is a limit imposed
by the UNIX kernel. Linux kernel 2.6-based systems support a maximum value of 4294967295
(32-bit unsigned variable).
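One way to check the non-overlap rule above before starting winbindd, as an added example that is not part of the original chapter or Samba's own code. The function names and the sample smb.conf, passwd and group text are constructed for illustration.

```python
import re

MAX_ID = 4294967295  # 32-bit unsigned limit the chapter cites for Linux 2.6

def parse_idmap_ranges(conf_text):
    """Return {'uid': (low, high), 'gid': (low, high)} from smb.conf text."""
    ranges = {}
    pattern = re.compile(r"\s*idmap\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)
    for line in conf_text.splitlines():
        m = pattern.match(line)  # comment lines (# or ;) never match
        if m:
            ranges[m.group(1).lower()] = (int(m.group(2)), int(m.group(3)))
    return ranges

def local_ids(db_text):
    """Map numeric ID (third field) to name for passwd- or group-format text."""
    ids = {}
    for line in db_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            ids[int(fields[2])] = fields[0]
    return ids

def check_idmap(conf_text, passwd_text, group_text):
    """Return a list of problems; an empty list means the ranges are usable."""
    problems = []
    ranges = parse_idmap_ranges(conf_text)
    for kind, db_text in (("uid", passwd_text), ("gid", group_text)):
        if kind not in ranges:
            problems.append(f"idmap {kind} is not set")
            continue
        low, high = ranges[kind]
        if low > high or high > MAX_ID:
            problems.append(f"idmap {kind} range {low}-{high} is invalid")
            continue
        for ident, name in sorted(local_ids(db_text).items()):
            if low <= ident <= high:
                problems.append(
                    f"{kind} {ident} ({name}) falls inside idmap {kind} {low}-{high}")
    return problems

# Constructed sample input: alice's UID collides with the idmap uid range.
SAMPLE_CONF = "[global]\n  idmap uid = 10000-20000\n  idmap gid = 10000-20000\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nalice:x:10050:100:Alice:/home/alice:/bin/sh\n"
SAMPLE_GROUP = "root:x:0:\nusers:x:100:alice\n"

if __name__ == "__main__":
    for problem in check_idmap(SAMPLE_CONF, SAMPLE_PASSWD, SAMPLE_GROUP):
        print(problem)
```

On a real host, pass the contents of smb.conf, /etc/passwd and /etc/group, and repeat the check against any POSIX accounts held in the passdb backend.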