Welcome to the MacNN Forums.

Samba: Trust relationship with NT4 Domain
Dedicated MacNNer
Join Date: Nov 2000
Location: Baltimore, MD
Feb 2, 2004, 02:45 PM
 
10.3.2 Server, Open Directory Master, Samba on and set up as a Primary Domain Controller (let's call the domain "programs"). I have a share on my MacOS X server that a user from another NT4 domain on the network (let's call it "accounting") needs access to. I set up a trust relationship between the Samba domain and the NT4 domain as follows:

On the NT4 server via Domain User Manager, add "programs" as a trusting domain.

On the MacOS X Server, pop open a terminal and issue the following command to consummate the trust relationship:

sudo net rpc trustdom establish accounting

This returns with "Success!" signalling that the trust relationship has been established.

My question now, and one I haven't been able to find an answer to thus far - is how can I specify a user from the accounting domain as having access to the share to which I want them to? If I try to modify the ACL from a Windows machine on the programs domain, (Add the accounting user and give them required access) the settings don't "stick". I'm guessing I have to muck around in the LDAP config for Samba and somehow map a Samba user to the other domain's user and then allow the newly mapped Samba user access to the share, but I'm not quite sure how to go about doing that.

Any suggestions?
The Quintessential Featherhead.
     
Nyuni  (op)
Dedicated MacNNer
Join Date: Nov 2000
Location: Baltimore, MD
Feb 9, 2004, 04:34 PM
 
OK.. figured this out, am posting the solution for the benefit of anyone else with the problem.

After establishing the trust relationship, a user entry for any users from the NT4 domain whom you wish to have access to your OSX-served domain must be made in Open Directory with the same username and password as the NT4 domain. (Logically, it makes sense.) This is where I can see the benefit of integrating with Active Directory domains or having OpenLDAP replicas.. unfortunately, all I had to work with on the other end was NT4!
The Quintessential Featherhead.
     
 
   
All times are GMT -5.