I have a few CentOS boxes joined to the AD domain with winbind.

If I establish a trust with a DMZ domain would systems joined to the DMZ domain be able to access the internal domain via the Microsoft domain trust?

Anything else I should consider?


Thanks!

Are both domains part of the same kerberos realm? ( I noticed you're using krb in your previous script, thanks again BTW)
Are you trying to create a two way trust? It's been awhile since I had win servers to deal with but I seem to remember you can set up different trust relationships between domains.

No, I believe they are seperate KRB domains. Our DMZ, we can call it BOBNET.INT, has a one way trust where it can read from BOB.INT.

There are no users/groups in the DMZ (BOBNET.INT) domain only computer accounts.

When I have setup AD auth in the past normally the server and the users all are located in the same (BOB.INT) domain.

Currently I am setting up AD auth for a server in the DMZ (BOBNET.INT) but don't know if I should do anything special or different so that AD auth will work

You probably have a trust relationship between realms, the systems create a map of domain names -> realms and query DNS for the local service record and then sift the table to find the relationship based on domain name. That trust relationship has to be set up, though if I recall that's done on the KDC and not the local client. (Thanks God for the Manual)
They have to have local accounts then, otherwise how would you log into them? The way you're explaining the one way trust makes sense, if the two domains were fully trusted, then users from BOB would be able to log onto machines in BOBNET using their BOB domain accounts since the security database would be replicated.