[Samba] Winbind Trusts on Multiple Domains

Shannon Johnson sjohnson at engr.psu.edu
Mon Mar 7 16:28:39 GMT 2005


I've got an interesting problem that I'll try to detail here as best I


My Setup: We've got a W2K domain with 2 W2K DC's and a Samba member
server that hosts the shares, including home directories. We've got both
Linux and Windows clients (2000 & XP). For reference, the samba server
will be named "SAMBA" and the Windows PDC will be named "PDC".


The Problem: All the users can log in, and when they log in, their home
directories are mounted automatically. However, if we try to map a share
from outside the domain, it doesn't accept the username and password.
When Windows comes back asking for the username and password again, it
has replaced the domain name with "SAMBA", but it still won't work.
We've tried "SAMBA/username", "username at SAMBA",
"username at SAMBA.FULL.DOMAIN.NAME", and several other things, but it only
works if we make up something and put it as the domain name. For
example, "SAMBA/abc123" doesn't work, but "ANYTHING/abc123" does. 


Originally, we thought the problem was related to the winbind separator.
We had it set to "+", and we thought it would resolve itself once we
changed it to "/" or "\". It didn't. Now, we're looking into the trusted
domains, which leads me to our current situation. 


On the Samba server, if I type "wbinfo -m", it lists SAMBA and BUILTIN,
but not the real domain name (DOMAIN). If I do a "wbinfo -sequence", it
shows SAMBA and BUILTIN as 1, but DOMAIN as some large number. We're
guessing that SAMBA doesn't have a trust relationship with PDC, and
that's why DOMAIN doesn't appear in the list of trusted domains. 


Is that a fairly simple thing to fix, or am I looking in the wrong place


Shannon Johnson

Shannon Johnson 
IT Specialist II 
Mechanical and Nuclear Engineering 
Penn State University 
224 Reber Building 
University Park, PA 16802 
Phone: (814) 865-8267 
Fax: (814) 863-4848 


More information about the samba mailing list