Old 08-10-2010, 05:00 PM   #1
Samba. Cross domain authentication


I've a problem with user authentication using samba.

What I have:
- ADS: Active Directory W2003 Controllers
- RH clients (RedHat 4u4), samba 3.0.10
What I do is authenticate users that connect to RH against ADS.

AD domains:

My RH computer is joined to ADS
user1 account belongs to ADS
user2 account belongs to ADS

I've defined and in /etc/krb5.conf so I can create tickets for both users.
If I do
kinit user1@DOM1.NET
it works fine.
If I do in the same computer (the one that is joined to
kinit user2@DOM2.COM
it works fine.

But if I try to use winbind, it works with users of dom1 but not with users of dom2.
wbinfo passwd DOM1\\user1 --> Returns user1 account.
wbinfo passwd DOM2\\user2 --> Returns that user doesn't exist.

The problem is that I can't authenticate
ssh DOM1\\user1@mycomputer.fqdn --> Works fine
su DOM1\\user1@mycomputer.fqdn --> " "
ssh DOM2\\user2@mycomputer.fqdn --> Logs show that user doesn't exist.
su DOM2\\user2@mycomputer.fqdn --> Logs show that user doesn't exist.

I've enabled in smb.conf:
security = ads
realm = DOM1.NET
workgroup = DOM1
allow trusted domains = yes

Any idea why I can't authenticate users of in my RH computer?


Last edited by Felipe; 08-11-2010 at 07:25 AM.
Old 08-11-2010, 07:21 AM   #2
Original Poster
Samba: Multidomain authentication

I'm going to rewrite the question. I've spent a lot of time and I'm not sure if it is possible.

I've ADS running in Win2003.

3 domains:

1- Is it possible to configure Samba to authenticate the users of the three domains when they connect to my computer running RHEL?
Now, using security=ads only authenticates users of one domain.

2- Can I use the rid_map to assign the same id on different computers to the same user?
E.g.: idmap backend=idmap_rid=1000-2000,DOM2=2001-4000 or something like that...


Last edited by Felipe; 08-11-2010 at 07:26 AM.
Old 02-12-2013, 04:15 AM   #3
You can't see other domain users like this;
you have to use the separator defined in smb.conf,

like wbinfo --user-info=domain2+user2

and for login as well, log in with user: domain2+user2 or as defined by your separator in smb.conf
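
The lookup form described in the reply above, as an added example that is not part of the original thread: it reads the `winbind separator` from an smb.conf and builds the `DOMAIN<separator>user` names to query. The function names, the `+` separator line and the sample config are assumptions constructed for illustration; the other settings are the ones posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): build DOMAIN<separator>user names
# using the "winbind separator" actually configured in smb.conf.

# Print the separator set in [global]; Samba's default is "\" when unset.
winbind_separator() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            g = (s == "[global]"); next
        }
        g {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)              # names ignore case and spaces
            if (key == "winbindseparator") {
                sep = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", sep)
            }
        }
        END { if (sep == "") sep = "\\"; print sep }
    ' "$1"
}

# qualified_name DOMAIN USER SMB_CONF -> e.g. DOM2+user2
qualified_name() {
    printf '%s%s%s\n' "$1" "$(winbind_separator "$3")" "$2"
}

# Constructed sample config: the thread's settings plus a "+" separator.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
   security = ads
   realm = DOM1.NET
   workgroup = DOM1
   allow trusted domains = yes
   winbind separator = +
EOF

for pair in DOM1:user1 DOM2:user2; do
    name=$(qualified_name "${pair%%:*}" "${pair#*:}" "$conf")
    echo "lookup name: $name"
    # Query winbind only where installed; quoting keeps a "\" separator intact.
    if command -v wbinfo >/dev/null 2>&1; then
        wbinfo --user-info="$name" || echo "winbind does not resolve $name"
    fi
done
rm -f "$conf"
```

On a real host, pass the path of the live smb.conf to `qualified_name` instead of the constructed sample.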

