Hi All,

We have a two way trust situation between DomA and DomB - the two
domains are connected via a leased line and are on different network
addresses.

I have a Samba (2.2.8) server in my domain (DomA) and the trust thing
works fine - users in both domains can access shares fine. We also are
using winbind.

I am interested however in how authentication actually works. I
*thought* that what happened was that if a user from the trusted
domain tried to connect to the samba share, then samba would check to
see if the user was indeed from a trusted domain, then the PDC in the
trusting domain would take care of authenticating the user by passing
on the request to the PDC in the trusted domain. In other words:

DomB user connects to samba in DomA -> samba requests authentication
from PDC in DomA -> PDC in DomA requests authentication from PDC in
DomB -> PDC in DomA confirms user authenticated to samba server.

However I have found that I need to have the PDC in DomB in my lmhosts
file on the samba server (broadcasts don't work across the routers) -
implying that samba authenticates the user directly with the DomB PDC,
after checking that the user is indeed coming from a trusted domain.

Can anyone clear this up for me ?

Cheers,

Craig.