Hi all,

We have a two way trust between two domains DomainA and DomainB. Both
domains have their own NT PDC. We have a Samba server (Samba 2.2.8)in
our domain (DomainA) and are also using winbind for authentication.

Everything works ok - users in DomainB can access resources on the
samba server in our domain (DomainA) so long as the filesystem
permissions and the share definitions allow it. Therein lies my
question.

Say I want to allow read/write access to the groups DomainA+groupA and
DomainB+groupB to a share. I know that I can do this by making the
share location world readable/writable at the filesystem level, and
restricting access to onlyt these two groups in the share definition
in smb.conf. However, I am a little uncomfortable with the fact that
at the filesytem level the location is wide open.

Since I cannot add global groups to global groups on our PDC, is there
any other way to give access to groups across domains *without* making
the share wide open at the filesystem level ?

Cheers,

Craig Jackson