[Samba] shell login with multiple domains via trusts
Eric S. Hvozda
hvozda at ack.org
Fri Sep 16 15:11:45 MDT 2011
It's been a long journey, bear with me.
we have multiple domains, that have interdomain trusts in separate forests.
I can successfully authenticate via "wbinfo -A A\\userA" and "wbinfo -A B\\userB"; same with -K.
The host is joined do AD "A". UserA can authenticate successfully and get a shell.
However I desire B\\UserB to also be able to login as well.
However, I can only have users from domain A login, and even then, if and only if I have "winbind use default domain = true".
However it would seem that "winbind use default domain = false" is required to do what I desire. However, I can't seem to get PAM to deal with the domain portion of the string.
ie "A\\" of "A\\UserA" or "B\\" of "B\\UserB"
Anyone out doing this already?
How do I get PAM to strip the DOMAIN portion or winbind to strip it prior to passing it to PAM?
More information about the samba
mailing list