To explain the issue in brief manner:
I have 3 domain controllers, each one hosting different domain in their respective forests - calling them X, Y, Z
X DC is Win 2003 R2
Other 2 are Win 2008 server
Created 2 trust relations, each one being one-way, external outgoing trust from X to Y and X to Z
Configured my Samba server against the X domain controller.
----------------------------------------------
So far so good.
I have 2 client machines - Win XP and Win 7
1. Win 7 client - Joined to Z domain
If I logon as Z domain admin or any other user and try to add more users to access the samba share, in the 'Locations' button of 'security tab', if I try to 'find user' from Y domain, it asks for credentials of that domain.
However it allows to 'find users' from the X domain without credentials for X domain
2. Win XP - Joined to Y domain
If I logon as Y domain administrator and try to add more user, the 'Locations' buttons allows me to 'find users' from both X and Z domain as well, without asking password
Login from any other user from Y domain (not admin), it allows me 'find users' from X domain but for the Z domain, it asks credentials for Admin
---------------------------------------------------------------------------
So, this has really confused me and I would like to understand how this works.
I am using same samba share to connect from both client(connecting to clients through remote desktop)
Is there some config that is missing on my Samba server or is it purely how my Widows client and the AD server interact ?
Why is there difference between Win XP and Win 7 behaviour and then Admin user and any other user ?
I was expecting that any user(admin or not) from Y and Z domain would not be able to 'find users' from each other domain without creds.
Moreover, even the X domain users 'find users' would not work if my client is part of Y or Z domain
Reply With Quote
Bookmarks