Samba. Cross domain authentication
Hello:

I have a problem with user authentication using Samba.

What I have:
- ADS: Active Directory W2003 controllers
- RH clients (RedHat 4u4), samba 3.0.10

What I do is authenticate users that connect to RH against ADS.

AD domains:
- dom1.net
- dom2.com
- subdom.dom2.com

My RH computer is joined to ADS dom1.net.
user1 account belongs to ADS dom1.net.
user2 account belongs to ADS dom2.com.

I've defined dom1.net and dom2.com in /etc/krb5.conf so I can create tickets for both users. If I do kinit user1@DOM1.NET it works fine. If I do, on the same computer (the one that is joined to dom1.net), kinit user2@DOM2.COM it works fine.

But if I try to use winbind, it works with users of dom1 but not with users of dom2.

wbinfo passwd DOM1\\user1 --> Returns user1 account.
wbinfo passwd DOM2\\user2 --> Returns that user doesn't exist.

The problem is that I can't authenticate:

ssh DOM1\\user1@mycomputer.fqdn --> Works fine
su DOM1\\user1@mycomputer.fqdn --> " "
ssh DOM2\\user2@mycomputer.fqdn --> Logs show that user doesn't exist.
su DOM2\\user2@mycomputer.fqdn --> Logs show that user doesn't exist.

I've enabled in smb.conf:
...
security = ads
realm = DOM1.NET
workgroup = DOM1
allow trusted domains = yes
...

Any idea why I can't authenticate users of dom2.com on my RH computer?

Thanks
Samba: Multidomain authentication
I'm going to rewrite the question. I've spent a lot of time and I'm not sure if it is possible.

I have ADS running on Win2003, with 3 domains:
- dom1.com
- dom2.net
- subdom.dom2.net

1- Is it possible to configure Samba to authenticate the users of the three domains when they connect to my computer running RHEL? Now, using security=ads, it only authenticates users of one domain.

2- Can I use the rid_map to assign the same id on different computers to the same user? E.g.: idmap backend=idmap_rid=1000-2000,DOM2=2001-4000 or something like that...

Thanks
You can't see the other domain's user like this;
you have to use the separator defined in your smb.conf, like wbinfo --user-info=domain2+user2, and for login as well: log in with user domain2+user2, or with whatever separator you defined in smb.conf.