[Samba] firewalls and winbind authentication to trusted domains

Michael Conigliaro mconigliaro at fandotech.com
Tue Mar 31 18:48:09 GMT 2009


I currently have a DOMAIN-A and a DOMAIN-B with a one-way trust so that
DOMAIN-B trusts DOMAIN-A. There is also a firewall separating the two
domains, and I have opened the necessary ports for authentication and
replication to take place between the domain controllers. This works

Now I have users on Domain A that need to log into machines on Domain B.
This works fine when a user logs into a Windows machine. However, I've
found that when logging into a Linux machine using winbind
authentication, the machine is attempting to communicate with the domain
controllers on DOMAIN-A. Authentication will not work unless I allow
this traffic, but for security reasons, I'd rather not have to. 

It's almost as if the Windows machines are able to obtain information
about DOMAIN-A from DOMAIN-B, but winbind cannot. Is there some way to
enable this behavior? I am using Samba 3.2.7 on CentOS.

Michael Conigliaro
Computer Analyst
Fuss & O'Neill Technologies
