[Samba] ntlm_auth multiple domain authentication

Andrew Bartlett abartlet at samba.org
Thu Sep 22 22:36:53 GMT 2005

On Tue, 2005-09-20 at 09:22 -0500, Jamie Crawford wrote:
> Hi,
> I'm using ntlm_auth to authenticate users in freeradius.  My samba server 
> is joined to DOMAINA.  When I run ntlm_auth --username=domainauser everything 
> works great. When I run ntlm_auth --username=domainbuser it fails because the 
> user does not exist in domaina which the server is joined to.  

> If I run ntlm_auth --username=domainbuser --domain=domainb it works great.  
> I was wanting to do ntlm_auth --domain=domaina --domain=domainb 
> --username=domainbuser,  it works only because the second domain variable 
> is domainb. If I were to use a domainauser, it would fail.
> Any ideas???

It isn't the role of ntlm_auth to 'search' for users, it expects to be
told exactly what to return yes or no for.  What if you had the same
user in both domains?  (Administrator comes to mind).  

In the windows world, the domain is always specified, so this doesn't
come up as much.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050923/12943d1c/attachment.bin

More information about the samba mailing list