[Samba] shell login with multiple domains via trusts

Fri Sep 16 15:11:45 MDT 2011

It's been a long journey, bear with me.

we have multiple domains, that have interdomain trusts in separate forests.

I can successfully authenticate via "wbinfo -A A\\userA" and "wbinfo -A B\\userB"; same with -K.

The host is joined do AD "A".  UserA can authenticate successfully and get a shell.

However I desire B\\UserB to also be able to login as well.

However, I can only have users from domain A login, and even then, if and only if I have "winbind use default domain = true".

However it would seem that "winbind use default domain = false" is required to do what I desire. However, I can't seem to get PAM to deal with the domain portion of the string.

ie "A\\" of "A\\UserA" or "B\\" of "B\\UserB"

Anyone out doing this already?

How do I get PAM to strip the DOMAIN portion or winbind to strip it prior to passing it to PAM?