[Samba] using Windows DC in security = server mode
gml4410 at gsk.com
Mon Apr 14 18:16:28 GMT 2008
We run Samba, but wish to authenticate against Windows DC. We do this
using the "security = server" mode. We don't have the option of being
part of the Windows setup directly. Although authentication is done
against Windows DC (so users are not prompted for passwords) users do
need a Unix account to use the service.
We have users in multiple Windows domains, and the DCs we point them at
all trust the other domains (they exist for a variety of reason related
to mergers and historic, trans-Atlantic boundaries).
On an (old) 2.2.x version of Samba this works - users from multiple
domains can be validated on the same server just by pointing at a single
With 3.0.28a (and earlier 3.0.x versions) this no longer works. Only
users in the default domain of the DC are validated.
A few lines of debug code show that what is happening now is that the
domain put into the user_info structure, and hence what is seen by
check_smbserver_security (in auth_server.c) is the name of the local
I need this to be the domain as supplied by the caller.
Can someone explain the reason behind the change, and what I can do to
get the (correct) user-supplied domain to be used when authenticated
against a Windows DC in "security = server" mode.
More information about the samba