Multiple realm support

Wachdorf, Daniel R drwachd at
Tue Oct 28 21:36:26 GMT 2003

I posted a similar question to the samba users list but didn't get a

I am wondering if it is possible to support multiple realms for user account
mappings when using security=ads.  For example: I have two AD realms with
forest trust, and  I have a samba server, which has the account user.  When user logs into and tries to connect to, he gets all the
necessary Kerberos tickets, but gets reject by the samba server with the
message "user is invalid on this system".

Is it possible to map multiple domains to a single user.  I think this might
be test accomplished with the call krb5_aname_to_localname().

Daniel Wachdorf
drwachd at
Sandia National Laboratories
System Security Research and Integration

More information about the samba-technical mailing list