[Samba] multi-domain authentication

Michael Gasch gasch at eva.mpg.de
Fri Sep 9 11:17:19 GMT 2005

with local you mean DOMA or the samba workstation itself?

we recently implemented a one-way trust between DOMA and DOMB to allow 
MS Terminal Server users to authenticate users from both domains.

all member servers (samba) have to use winbindd to "see" trusted 
accounts. please read the appropriate chapters in JHT's docs and trust 
settings in smb.conf.

then you will be able to specify valid users = DOMA\joe DOMB\joe for 


David F. Newman wrote:
> On Thursday 08 September 2005 02:34, Michael Gasch wrote:
>>David F. Newman wrote:
>>>Can samba be used with security = server to authenticate a user in a
>>>domain other than what the samba server is in?
>>>i.e. The samba server is set to workgroup NA and I have a user called
>>>EU\joe that is trying to access a share but it seems it is checking the
>>>password against NA\joe.  I have a username map of
>>>joe		EU\joe
>>i think you have to establish a trust between DOM NA and DOM EU - for
>>this to work you have to deal with winbindd, too.
>>mapping won't be sufficient until your users (joe & EU\joe) have the
>>same passwords
> I am not looking to authenticate shell access against a windows server.  I'm 
> only trying to authenticate access to smbd against a windows server.  I'm 
> using "security = server" with the password server set to the domain 
> controllers of my local domain.  There is a trust between the two domains.  
> But smbd only seems to authenticate users who are in the local domain.
> -Dave

Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig

Phone: 49 (0)341 - 3550 137

More information about the samba mailing list