Bug 556 - Domain trust passwords are stored in a secrets.tdb instead of LDAP
Status: RESOLVED LATER
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
Version: 3.0.11
Hardware: All Linux
Importance: P2 normal
Target Milestone: 3.0.2
Assignee: Gerald (Jerry) Carter (dead mail address)
Reported: 2003-10-02 13:06 UTC by Nick Lopez
Modified: 2005-09-29 09:38 UTC
Description Nick Lopez 2003-10-02 13:06:02 UTC
Domain trust passwords are stored in the secrets.tdb of the server that
establishes the trust, so other DCs can't exercise the trusts, or be accessed by
any accounts from across the trust.
Comment 1 Tim Potter 2003-10-02 18:49:37 UTC
Is this for transitive trusts in win2k/win2k3?  I think the model of storing the
passwords in secrets.tdb was based on the NT4 one-way trust system.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-10-03 06:38:48 UTC
Tim, the problem is that only the Samba PDC
can validate the trust. A Samba BDC needs to have access
to the same trust account password.
Comment 3 Rafal Szczesniak 2003-11-19 14:38:25 UTC
oh, I forgot to keep previous status...
Comment 4 Guenther Deschner 2004-09-17 03:08:55 UTC
Mimir,

Is your work in trunk ready-to-start-testing-with?
Comment 5 Nick Lopez 2004-10-26 15:48:15 UTC
Is there something I can test? Being able to have a BDC and still exercise the
trust would be nice.
Comment 6 Rafal Szczesniak 2004-10-27 01:58:36 UTC
(In reply to comment #5)
> Is there something I can test? Being able to have a BDC and still exercise the
> trust would be nice.

Yes. Major development has been done in trunk branch by now. You can try out
the code using ldap passdb backend. It needs a little change to accommodate
local domains requirements before it's ready to merge in samba3.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-02-05 07:51:56 UTC
Code in trunk has been removed. Will be reworked, hopefully in time for 3.0.12.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-09-29 09:38:07 UTC
someday.....