Domain trust passwords are stored in the secrets.tdb of the server that establishes the trust, so other DCs can't exercise the trusts, or be access by any accounts from across the trust.
Is this for transitive trusts in win2k/win2k3? I think the model of storing the passwords in secrets.tdb was based on the NT4 one-way trust system.
Tim, the problem is that only the Samba PDC can validate the trust. A Samba BDC needs to have access to the same trust account password.
oh, I forgot to keep previous status...
Mimir, is your work in trunk ready-to-start-testing-with ?
Is there something I can test? Being able to have a BDC and still exercise the trust would be nice.
(In reply to comment #5) > Is there something I can test? Being able to have a BDC and still exercise the > trust would be nice. Yes. Major development has been done in trunk branch by now. You can try out the code using ldap passdb backend. It needs a little change to acommodate local domains requirements before it's ready to merge in samba3.
code in trunk has been removed. Will be reworked hopefulling in time for 3.0.12
someday.....