Authenticating to two NT domains
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Wed Feb 7 15:05:27 GMT 2001
Hi Ken,
Afraid that won't do it; Samba will only contact a single DC in the list,
and whatever it replys in response to the authentication request will be
authorative. It only contacts other DC's on the list in the event that the
DC's before it are unresponsive. So in your case,
if DOM1PDC was up and running, and a pc member of DOM2PDC tried to
authenticate, DOM1PDC would reply in the negative.
I don't know of any way to make this work for you other than to have a trust
established between these two domains on the NT side. Samba cannot be a
member of more than one domain at a time (same as NT itself).
Hope this helps,
Don
-----Original Message-----
From: Weiss, Ken [mailto:Ken.Weiss at schwab.com]
Sent: Tuesday, February 06, 2001 5:02 PM
To: 'samba at lists.samba.org'
Subject: Authenticating to two NT domains
My Samba server has users that are in two different NT domains, DOM1 and
DOM2. There is no trust between the two domains. I would like all my users
to be able to authenticate to my Samba server, using 'security = DOMAIN'.
Can I just put a line into smb.conf like 'password server = DOM1PDC,
DOM2PDC'? Will that allow users from either domain to successfully
authenticate themselves to the Samba server?
Thanks for any assistance.
--Ken
-----------------------------------------------------------------------
Ken Weiss ken.weiss at schwab.com (email)
Charles Schwab & Co. 415-667-1424 (desk)
Java Object Services 415-786-1545 (cell/telecommute)
211MN-06-325 4157861545 at messaging.sprintpcs.com (pcs)
101 Montgomery St. 415-667-9402 (fax)
San Francisco, CA 94104
For Java on the Schweb, use the jumpword 'Java'.
For the Java WebBoard, use the jumpword 'JavaTalk'.
WARNING: All email sent to this address will be received by the Charles
Schwab & Co., Inc. corporate email system and is subject to archival and
review by someone other than the recipient.
More information about the samba
mailing list