Question for the NAS experts here. My customer has the following AD setup
foo.com
resources.foo.com
apps.foo.com
We've joined the DSS system to foo.com and all the groups/users can be seen. However, we can't see any of the users and groups in the child domains on the dss system. Is this functionality present?
The PDC for the root domain is Windows 2008 and yes, we are using DNS from that same server.
The other DCs for the child domains, does OpenE need to know about those servers?
Essentially, what should one expect when checking the Trusted Domains box? Does that mean that I should be able to see all the users across all the domains from the Open-E server? Or does it mean something else?
If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication.
This is useful if you only want your Samba server to serve resources to users in the domain it is a member of. As an example, suppose that there are two domains DOMA and DOMB. DOMB is trusted by DOMA, which contains the Samba server. Under normal circumstances, a user with an account in DOMB can then access the resources of a UNIX account with the same account name on the Samba server even if they do not have an account in DOMA. This can make implementing a security boundary difficult.