Bug 556 - Domain trust passwords are stored in a secrets.tdb instead of LDAP
Domain trust passwords are stored in a secrets.tdb instead of LDAP
Status: RESOLVED LATER
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.11
All Linux
: P2 normal
: 3.0.2
Assigned To: Gerald (Jerry) Carter
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-02 13:06 UTC by Nick Lopez
Modified: 2005-09-29 09:38 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Lopez 2003-10-02 13:06:02 UTC
Domain trust passwords are stored in the secrets.tdb of the server that
establishes the trust, so other DCs can't exercise the trusts, or be access by
any accounts from across the trust.
Comment 1 Tim Potter 2003-10-02 18:49:37 UTC
Is this for transitive trusts in win2k/win2k3?  I think the model of storing the
passwords in secrets.tdb was based on the NT4 one-way trust system.
Comment 2 Gerald (Jerry) Carter 2003-10-03 06:38:48 UTC
Tim,  the problem is that only the Samba PDC
can validate the trust.  A Samba BDC needs to have access 
to the same trust account password.
Comment 3 Rafal Szczesniak 2003-11-19 14:38:25 UTC
oh, I forgot to keep previous status...
Comment 4 Guenther Deschner 2004-09-17 03:08:55 UTC
Mimir,

is your work in trunk ready-to-start-testing-with ?
Comment 5 Nick Lopez 2004-10-26 15:48:15 UTC
Is there something I can test? Being able to have a BDC and still exercise the
trust would be nice.
Comment 6 Rafal Szczesniak 2004-10-27 01:58:36 UTC
(In reply to comment #5)
> Is there something I can test? Being able to have a BDC and still exercise the
> trust would be nice.

Yes. Major development has been done in trunk branch by now. You can try out
the code using ldap passdb backend. It needs a little change to acommodate
local domains requirements before it's ready to merge in samba3.
Comment 7 Gerald (Jerry) Carter 2005-02-05 07:51:56 UTC
code in trunk has been removed.  Will be reworked hopefulling in time for 3.0.12
Comment 8 Gerald (Jerry) Carter 2005-09-29 09:38:07 UTC
someday.....