Authenticating to two NT domains

MCCALL,DON (HP-USA,ex1) don_mccall at
Wed Feb 7 15:05:27 GMT 2001

Hi Ken,
Afraid that won't do it; Samba will only contact a single DC in the list,
and whatever it replys in response to the authentication request will be
authorative.  It only contacts other DC's on the list in the event that the
DC's before it are unresponsive.  So in your case,
if DOM1PDC was up and running, and a pc member of DOM2PDC tried to
authenticate, DOM1PDC would reply in the negative.
I don't know of any way to make this work for you other than to have a trust
established between these two domains on the NT side.  Samba cannot be a
member of more than one domain at a time (same as NT itself).
Hope this helps,

-----Original Message-----
From: Weiss, Ken [mailto:Ken.Weiss at]
Sent: Tuesday, February 06, 2001 5:02 PM
To: 'samba at'
Subject: Authenticating to two NT domains

My Samba server has users that are in two different NT domains, DOM1 and
DOM2. There is no trust between the two domains. I would like all my users
to be able to authenticate to my Samba server, using 'security = DOMAIN'.
Can I just put a line into smb.conf like 'password server = DOM1PDC,
DOM2PDC'? Will that allow users from either domain to successfully
authenticate themselves to the Samba server?

Thanks for any assistance.


Ken Weiss                                  ken.weiss at (email)

Charles Schwab & Co.                                415-667-1424 (desk)
Java Object Services                    415-786-1545 (cell/telecommute)
211MN-06-325                   4157861545 at (pcs)
101 Montgomery St.                                   415-667-9402 (fax)
San Francisco, CA 94104

For Java on the Schweb, use the jumpword 'Java'.
For the Java WebBoard, use the jumpword 'JavaTalk'.
WARNING:  All email sent to this address will be received by the Charles
Schwab & Co., Inc. corporate email system and is subject to archival and
review by someone other than the recipient.

More information about the samba mailing list