SAMBA Passwords and multiple (trusted) NT domains

Matthew Chapman m.chapman at
Fri Sep 11 08:26:54 GMT 1998

> Let's say we have two different NT domains - "A" and B". Both of
> these NT domains "trust" each other so that users can access
> resources on each without a problem.
> Now lets say we have a SAMBA server that is configured to use
> NT Server "A" for password authentication as follows:
>   security = server
>   password server = name of NT server for domain "A"
> People from NT domain "A" can use this SAMBA server without
> any problem as you would expect. Their passwords are verified
> by the server and they exist in the NT domain "A".
> BUT...
> People from domain "B" cannot access the SAMBA server. Although
> the NT server for domain "A" knows about domain "B" where they
> exist (and they're able to browse resources in domain B when using
> NT), apparently the password verification mechanism used by SAMBA
> can't tell NT "go to domain "B" for this user".
> Any thoughts or insights on how to make this work (if indeed it's even
> possible) would be greatly appreciated. My fallback plan is to run another
> SAMBA server pointing to domain "B" for these folks.

I'm thinking that in theory this should work. Samba should pass both domain
and username information to the password server, which then authenticates
against the trusted domain.

However I think Samba either doesn't send the correct domain information or
the password server ignores it (this is not entirely unlikely; as far as I
know Win95 and WfWg don't let you specify an alternate domain so Microsoft
could have taken a shortcut in their LanManager code)... any comments ppl?


Matt Chapman
E-mail: mattyc at

More information about the samba-technical mailing list