Samba. Cross domain authentication
I've a problem with user authentication using samba.
What I have:
- ADS: Active Directory W2003 Controllers
- RH clients (RedHat 4u4), samba 3.0.10
What I do is to authenticate users that connects to RH against ADS.
My RH computer is joined to ADS dom1.net.
user1 account belongs to ADS dom1.net
user2 account belongs to ADS dom2.com.
I've defined dom1.net and dom2.com in /etc/krb5.conf so I can create tickets for both users.
If I do
it works fine.
If I do in the same computer (the one that is joined to dom1.net)
it works fine.
But it I try to use winbind, it works with user of dom1 but not with users of dom2.
wbinfo passwd DOM1\\user1 --> Returns user1 account.
wbinfo passwd DOM2\\user2 --> Returns that user doesn't exist.
The problem is that I can't authenticate
ssh DOM1\\firstname.lastname@example.org --> Works fine
su DOM1\\email@example.com --> " "
ssh DOM2\\firstname.lastname@example.org --> Logs shows that user doesn't exists.
su DOM2\\email@example.com --> Logs shows that user doesn't exists.
I've enabled en smb.conf:
security = ads
realm = DOM1.NET
workgroup = DOM1
allow trusted domains = yes
Any idea why I can't authenticate users of dom2.com in my RH computer?
Samba: Multidomain authentication
I'm going to rewrite the question. I've spent a lot time and I'm not sure if it is possible.
I've ADS running in Win2003.
1- Is possible to configure Samba to authenticate the users of the three domains when they connect to my computer running RHEL?
Now, using security=ads only authenticates users of one domain.
2- Can I use the rid_map to assign the same id on different computers to the same user?
Ej: idmap backend=idmap_rid=1000-2000,DOM2=2001-4000 or something like that...
you cant see other domain user like this,
you have to use your separator defined in smb.conf
like wbinfo --user-info=domain2+user2
and for login as well login with user: domain2+user2 or as defined your separator in smb.conf
|All times are GMT -5. The time now is 12:31 AM.|