[Samba] Samba Domain controller getting authentication from a second domain

Jim Potter jim at gangermin.co.uk
Sun Aug 31 09:22:41 GMT 2003

Hi all,
   I've been trying to set up a Samba domain controller for domain NEWDOMAIN that draws usernames and authentication from a second NT(actually 2K) domain EXISTINGDOMAIN on the same network. This is what I've tried so far...
    Name service: run a winbindd service to get the names from EXISTINGDOMAIN... this is great, but adds the domain name to the beginning of the username - all names come out in the format EXISTINGDOMAIN\fbloggs. 
    Name service: use ldap to get usernames... this works, but there's no UIDs provided.
    Name service: map everyine to a guest account
    Name service: set them all up manually/automagically with a script of some sort

    Passwords: set password server = EXISTINGDOMAIN_PDC - this doesnt' work if security=USER, which you need if you are a domain controller
    Passwords: the auth behaviour of pam_smb looks ideal, but as I understand it, samba doesn't do the pam AUTH thing, just the account and session bits.

Has anyone got any ideas?

(Full story: I've just started working at a school where there's some whacky software in place that enforces security using really weird preconfigured user profiles. The only way I can see of avoiding using these is by setting up a new domain. If I use the same usernames and passwords, then the users will still be able to transparently authenticate to the existing domain to use their home directories and other resources, but use user profiles defined on the new domain rather than the existing one. Does that make sense?)

cheers in advance

Jim Potter

More information about the samba mailing list