Hi all,

We have a two way trust between two domains DomainA and DomainB. Both
domains have their own NT PDC. We have a Samba server (Samba 2.2.8)in
our domain (DomainA) and are also using winbind for authentication.

Everything works ok - users in DomainB can access resources on the
samba server in our domain (DomainA) so long as the filesystem
permissions and the share definitions allow it. Therein lies my

Say I want to allow read/write access to the groups DomainA+groupA and
DomainB+groupB to a share. I know that I can do this by making the
share location world readable/writable at the filesystem level, and
restricting access to onlyt these two groups in the share definition
in smb.conf. However, I am a little uncomfortable with the fact that
at the filesytem level the location is wide open.

Since I cannot add global groups to global groups on our PDC, is there
any other way to give access to groups across domains *without* making
the share wide open at the filesystem level ?


Craig Jackson