LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-10-2010, 04:00 PM   #1
Felipe
Member
 
Registered: Oct 2006
Posts: 294

Rep: Reputation: 31
Samba. Cross domain authentication


Hallo:

I've a problem with user authentication using samba.

What I have:
- ADS: Active Directory W2003 Controllers
- RH clients (RedHat 4u4), samba 3.0.10
What I do is to authenticate users that connects to RH against ADS.

AD domains:
dom1.net
dom2.com
subdom.dom2.com

My RH computer is joined to ADS dom1.net.
user1 account belongs to ADS dom1.net
user2 account belongs to ADS dom2.com.

I've defined dom1.net and dom2.com in /etc/krb5.conf so I can create tickets for both users.
If I do
kinit user1@DOM1.NET
it works fine.
If I do in the same computer (the one that is joined to dom1.net)
kinit user2@DOM2.COM
it works fine.

But it I try to use winbind, it works with user of dom1 but not with users of dom2.
wbinfo passwd DOM1\\user1 --> Returns user1 account.
wbinfo passwd DOM2\\user2 --> Returns that user doesn't exist.

The problem is that I can't authenticate
ssh DOM1\\user1@mycomputer.fqdn --> Works fine
su DOM1\\user1@mycomputer.fqdn --> " "
ssh DOM2\\user2@mycomputer.fqdn --> Logs shows that user doesn't exists.
su DOM2\\user2@mycomputer.fqdn --> Logs shows that user doesn't exists.

I've enabled en smb.conf:
...
security = ads
realm = DOM1.NET
workgroup = DOM1
allow trusted domains = yes
...

Any idea why I can't authenticate users of dom2.com in my RH computer?

Thanks

Last edited by Felipe; 08-11-2010 at 06:25 AM.
 
Old 08-11-2010, 06:21 AM   #2
Felipe
Member
 
Registered: Oct 2006
Posts: 294

Original Poster
Rep: Reputation: 31
Samba: Multidomain authentication

I'm going to rewrite the question. I've spent a lot time and I'm not sure if it is possible.

I've ADS running in Win2003.

3 domains:
dom1.com
dom2.net
subdom.dom2.net

1- Is possible to configure Samba to authenticate the users of the three domains when they connect to my computer running RHEL?
Now, using security=ads only authenticates users of one domain.

2- Can I use the rid_map to assign the same id on different computers to the same user?
Ej: idmap backend=idmap_rid=1000-2000,DOM2=2001-4000 or something like that...


Thanks

Last edited by Felipe; 08-11-2010 at 06:26 AM.
 
Old 02-12-2013, 03:15 AM   #3
jasem200
LQ Newbie
 
Registered: May 2005
Location: Libya
Distribution: redhat enterprise 4
Posts: 28

Rep: Reputation: 15
you cant see other domain user like this,
you have to use your separator defined in smb.conf

like wbinfo --user-info=domain2+user2

and for login as well login with user: domain2+user2 or as defined your separator in smb.conf
 
  


Reply

Tags
authentication, cross, domain, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Domain Controller Authentication under Samba not working!! passedpawn1986 Linux - Newbie 3 10-05-2009 06:01 PM
Samba authentication using a windows domain controller _os_ Linux - Server 4 08-05-2009 05:50 AM
Samba and ADS domain authentication Linux_Newbie_se Linux - Networking 1 05-19-2004 06:34 PM
Samba authentication in W2k Domain ixion Linux - Networking 7 02-18-2003 08:55 AM
Samba/NT cross domain functionality tarballedtux Linux - Networking 0 11-13-2001 06:43 PM


All times are GMT -5. The time now is 09:35 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration