HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

PDC domain name. The Samba domain name is the domain name specified in the
“workgroup” parameter of smb.conf. Enter and confirm the trust password and select
OK.
To add Windows 2000 as a trusted domain, click the Add button next to the box titled
Domains that trust this domain. For Trusting Domain, enter the Samba
PDC domain name. Enter and confirm the trust password and select OK.
5. When prompted, review the confirmation and select Yes.
6. Enter the administrator name and password.
7. Select Finish, and then OK.
For a Windows 2003 domain controller, use the Administrative Tools utility to perform
the following steps:
1. From the Start menu, select Programs -> Administrative Tools -> Active
Directory Domains and Trusts.
2. Right click on the desired Active Directory domain name and select Properties.
3. Select the tab Trusts, then click New Trusts. Click Next.
4. Specify the Samba PDC domain name and select Next. The Samba domain name is the
domain name specified in the “workgroup” parameter in smb.conf.
5. Select the trust type (One-way: incoming, One-way: outgoing, or Two-way) and
select Next.
6. Enter and confirm the trust password.
7. Review and select Next.
8. Select Yes and select Next, two more times.
9. Select Finish and then OK.
NOTE: Windows Server 2003 Service Pack 1 (SP1) may require the RestrictAnonymous
registry subkey to be set to 0 and the value of the RestrictNullSessAccess registry subkey
also to be set to 0. Run regedit from the Start button and find RestrictNullSessAccess
under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters.
For more details, refer to “trusts RestrictNullSessAccess” on Microsoft TechNet
at http://technet.microsoft.com.
Alternatively, if you do not want to change the registry on Windows Server 2003 Service Pack 1
(SP1), you can use the --set-auth-user option of the wbinfo command to set a domain user
account and password for the Winbind service. Using this option enables the Winbind service to
authenticate itself with a valid domain user account while accessing the user and group information
from the Windows 2003 Server.
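The --set-auth-user alternative described above, as an added example that is not part of the HP guide: it refuses the user%password form so the password stays off the command line, then checks that Winbind can enumerate users and groups. The function names and the account WINDOMAINA\svc-winbind are hypothetical; root access, a running winbind daemon and the default "\" separator are assumed.

```shell
#!/bin/sh
# Added example (not from the HP guide): set and verify the Winbind auth user.
# Assumptions: run as root on the CIFS server, winbind already started, and the
# default winbind separator "\"; the account name below is a placeholder.

# Accept only DOMAIN\user. A "%" is rejected so the password is never passed
# on the command line, where ps output or shell history could expose it.
valid_auth_user() {
    case "$1" in
        *%*)      return 1 ;;   # user%password form: refuse
        *\\*\\*)  return 1 ;;   # more than one separator
        ?*\\?*)   return 0 ;;   # DOMAIN\user
        *)        return 1 ;;
    esac
}

set_winbind_auth_user() {
    account="$1"
    if ! valid_auth_user "$account"; then
        printf '%s\n' 'expected DOMAIN\user without a password' >&2
        return 2
    fi
    # Without %password, wbinfo is expected to prompt for the password
    # (assumption for the Samba build shipped with HP CIFS Server).
    wbinfo --set-auth-user="$account" || return 1

    # --get-auth-user may print the stored password after "%"; keep only
    # the account name so the secret does not reach the terminal or a log.
    stored=$(wbinfo --get-auth-user | sed 's/%.*$//')
    [ -n "$stored" ] || return 1
    printf 'winbind auth user: %s\n' "$stored"

    # Confirm that user and group enumeration works with the stored account.
    wbinfo -u >/dev/null && wbinfo -g >/dev/null
}

# Usage: set_winbind_auth_user 'WINDOMAINA\svc-winbind'
```

A dedicated domain account with no administrative rights is enough here, since Winbind only needs to read user and group information.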
To create the corresponding configuration of the Samba domain PDC for a two-way trust relationship
with the Windows domain, log on as root and execute the following steps:
1. Run the following command to start the winbind daemon:
startsmb -winbind
2. Add a trust account for the trusting Windows domain to /etc/passwd. Use the useradd
command to add the trusting domain name followed by “$”.
For example, the following command adds a trust account for the trusting Windows domain
name, windomainA, to /etc/passwd:
useradd windomainA$
Because the useradd command has a maximum name length of 8 characters, you may need to edit
/etc/passwd to add the trusting Windows domain name account.
3. Run smbpasswd to add a trusting Windows domain Samba account to your trusted Samba
domain database and create a password for the trusting account. Use the same trusting