[Samba] Samba Domain controller getting authentication from a
second domain
Jim Potter
jim at gangermin.co.uk
Sun Aug 31 09:22:41 GMT 2003
Hi all,
I've been trying to set up a Samba domain controller for domain NEWDOMAIN that draws usernames and authentication from a second NT(actually 2K) domain EXISTINGDOMAIN on the same network. This is what I've tried so far...
Name service: run a winbindd service to get the names from EXISTINGDOMAIN... this is great, but adds the domain name to the beginning of the username - all names come out in the format EXISTINGDOMAIN\fbloggs.
Name service: use ldap to get usernames... this works, but there's no UIDs provided.
Name service: map everyine to a guest account
Name service: set them all up manually/automagically with a script of some sort
Passwords: set password server = EXISTINGDOMAIN_PDC - this doesnt' work if security=USER, which you need if you are a domain controller
Passwords: the auth behaviour of pam_smb looks ideal, but as I understand it, samba doesn't do the pam AUTH thing, just the account and session bits.
Has anyone got any ideas?
(Full story: I've just started working at a school where there's some whacky software in place that enforces security using really weird preconfigured user profiles. The only way I can see of avoiding using these is by setting up a new domain. If I use the same usernames and passwords, then the users will still be able to transparently authenticate to the existing domain to use their home directories and other resources, but use user profiles defined on the new domain rather than the existing one. Does that make sense?)
cheers in advance
Jim Potter
More information about the samba
mailing list