NTLM Authentication against multiple domain comtrollers

Mayank Agrawal MAgrawal at facetime.com
Wed Nov 10 17:08:37 MST 2010


Thanks a lot for showing the direction to achieve this task. I did lot
of research and code walk through, and your idea makes a lot of sense.
But I am unable to find out how do I change the WINBINDD_SOCKET_DIR
variable. As I understand it is a CFLAGS so do we need to compile
winbind with separate CFLAGS settings?
Please let us know

-----Original Message-----
From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] 
Sent: Wednesday, November 03, 2010 12:36 AM
To: Mayank Agrawal
Cc: samba-technical at lists.samba.org
Subject: Re: NTLM Authentication against multiple domain comtrollers

On Wed, Nov 03, 2010 at 06:22:26AM +0530, Mayank Agrawal wrote:
> We have a working setup of squid + samba + winbind to authenticate
> belonging to the same domain (using NTLM). We have an immediate urgent
> requirement to support authentication against multiple Domains which
> using their own Domain controller. There is NO Trust Relation between
> these Domain Controllers.
> I have searched through length and breadth of all available documents
> and discussions, but there doesn't seem to be any solution available. 
> Please let us know if such a solution exists. I am eager enough to put
> in a few changes in the code (if this is what is required), but this
> would require a few pointers from this knowledgeable community.

What you could do is run two winbinds separated with
"winbind socket dir" and other settings to virtualize
winbind. Then you could run two ntlm_auth instances, giving
each a separate WINBINDD_SOCKET_DIR environment variable.
The piece of code that is missing is: Who decides which
domain you need to talk to.


More information about the samba-technical mailing list