[Samba] using Windows DC in security = server mode

Gordon Lack gml4410 at gsk.com
Mon Apr 14 18:16:28 GMT 2008

We run Samba, but wish to authenticate against Windows DC.  We do this 
using the "security = server" mode.  We don't have the option of being 
part of the Windows setup directly.  Although authentication is done 
against Windows DC (so users are not prompted for passwords) users do 
need a Unix account to use the service.

We have users in multiple Windows domains, and the DCs we point them at 
all trust the other domains (they exist for a variety of reasons related 
to mergers and historic, trans-Atlantic boundaries).

On an (old) 2.2.x version of Samba this works - users from multiple 
domains can be validated on the same server just by pointing at a single 
Windows DC.

With 3.0.28a (and earlier 3.0.x versions) this no longer works.  Only 
users in the default domain of the DC are validated.

A few lines of debug code show that what is happening now is that the 
domain put into the user_info structure, and hence what is seen by 
check_smbserver_security (in auth_server.c) is the name of the local 

I need this to be the domain as supplied by the caller.

Can someone explain the reason behind the change, and what I can do to 
get the (correct) user-supplied domain to be used when authenticated 
against a Windows DC in "security = server" mode.
