-   Linux - Server (
-   -   Samba. Cross domain authentication (

Felipe 08-10-2010 04:00 PM

Samba. Cross domain authentication

I've a problem with user authentication using samba.

What I have:
- ADS: Active Directory W2003 Controllers
- RH clients (RedHat 4u4), samba 3.0.10
What I do is to authenticate users that connects to RH against ADS.

AD domains:

My RH computer is joined to ADS
user1 account belongs to ADS
user2 account belongs to ADS

I've defined and in /etc/krb5.conf so I can create tickets for both users.
If I do
kinit user1@DOM1.NET
it works fine.
If I do in the same computer (the one that is joined to
kinit user2@DOM2.COM
it works fine.

But it I try to use winbind, it works with user of dom1 but not with users of dom2.
wbinfo passwd DOM1\\user1 --> Returns user1 account.
wbinfo passwd DOM2\\user2 --> Returns that user doesn't exist.

The problem is that I can't authenticate
ssh DOM1\\user1@mycomputer.fqdn --> Works fine
su DOM1\\user1@mycomputer.fqdn --> " "
ssh DOM2\\user2@mycomputer.fqdn --> Logs shows that user doesn't exists.
su DOM2\\user2@mycomputer.fqdn --> Logs shows that user doesn't exists.

I've enabled en smb.conf:
security = ads
realm = DOM1.NET
workgroup = DOM1
allow trusted domains = yes

Any idea why I can't authenticate users of in my RH computer?


Felipe 08-11-2010 06:21 AM

Samba: Multidomain authentication
I'm going to rewrite the question. I've spent a lot time and I'm not sure if it is possible.

I've ADS running in Win2003.

3 domains:

1- Is possible to configure Samba to authenticate the users of the three domains when they connect to my computer running RHEL?
Now, using security=ads only authenticates users of one domain.

2- Can I use the rid_map to assign the same id on different computers to the same user?
Ej: idmap backend=idmap_rid=1000-2000,DOM2=2001-4000 or something like that...


jasem200 02-12-2013 03:15 AM

you cant see other domain user like this,
you have to use your separator defined in smb.conf

like wbinfo --user-info=domain2+user2

and for login as well login with user: domain2+user2 or as defined your separator in smb.conf

All times are GMT -5. The time now is 01:43 AM.