[Samba] How to configure winbind to work with two domain controllers?
Sergey Stepanov
s.stepanov at ideco-software.ru
Wed Aug 11 08:36:26 MDT 2010
Hello
I have two domain controllers on win2k3 (say srv1.domain1 and
srv2.domain2) and winbind runnning on 3rd linux server (
When I put "workgroup = domain1" in smb.conf, i can work with domain1
only, i.e.
# ntlm_auth --username=dom1user --domain=domain1 --password=goodpassword
NT_STATUS_OK: Success (0x0)
but with domain2 fails:
# ntlm_auth --username=dom2user --domain=domain2 --password=goodpassword
NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
When i change workgroup to "workgroup = domain2", the things changed:
domain1 fails:
# ntlm_auth --username=dom1user --domain=domain1 --password=goodpassword
NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
domain2 is ok:
# ntlm_auth --username=dom2user --domain=domain2 --password=goodpassword
NT_STATUS_OK: Success (0x0)
Please, help, how to tell winbind to work with both domain controllers.
winbind and ntlm_auth built from RHEL/CENTOS 5.5 srpm:
# /usr/bin/ntlm_auth -V
Version 3.0.33-3.28
/usr/sbin/winbindd -V
Version 3.0.33-3.28
kerberos is not used.
sample smb.conf:
[global]
winbind separator = +
winbind use default domain = no
winbind enum users = no
winbind enum groups = no
winbind use default domain = no
security = domain
encrypt passwords = yes
wins support = no
enhanced browsing = no
domain master = no
domain logons = no
local master = no
preferred master = no
name resolve order = lmhosts
auth methods = winbind
workgroup = domain1 # or domain2
netbios name = SERVER
password server = ip1 ip2 * # or without *
More information about the samba
mailing list