Domain trust passwords are stored in the secrets.tdb of the server that
establishes the trust, so other DCs can't exercise the trusts, or be access by
any accounts from across the trust.
Is this for transitive trusts in win2k/win2k3? I think the model of storing the
passwords in secrets.tdb was based on the NT4 one-way trust system.
Tim, the problem is that only the Samba PDC
can validate the trust. A Samba BDC needs to have access
to the same trust account password.
oh, I forgot to keep previous status...
is your work in trunk ready-to-start-testing-with ?
Is there something I can test? Being able to have a BDC and still exercise the
trust would be nice.
(In reply to comment #5)
> Is there something I can test? Being able to have a BDC and still exercise the
> trust would be nice.
Yes. Major development has been done in trunk branch by now. You can try out
the code using ldap passdb backend. It needs a little change to acommodate
local domains requirements before it's ready to merge in samba3.
code in trunk has been removed. Will be reworked hopefulling in time for 3.0.12