[Samba] Multiple Domains/Winbinds, ntlm_auth/wbinfo issue

[Andrew Bartlett]

On Mon, 2014-09-15 at 17:05 -0400, Christopher Chance wrote:
> Ok I'm at a loss, I have 2 instances on winbindd / smbdd / nmbdd running (basically copied to install from samba-multiple-domains.blogspot .com but with my domains and ip's)
> 
> But the issue I have is that even though both domains joined, and I can see all the winbinds and smbs running, and no errors in the logs, it appears that wbinfo / ntlm_auth only work with one of the units, no matter which -configfile I specify when running ntlm_Auth (wbinfo I can't even figure out how to tell it to try the other winbind).
> 
> I tried setting socket dir in each of the config files, but then ntlm_auth and wbinfo don't work at all.
> 
> How can I specify which socket for ntlm_auth/wbinfo to use?
> 
> Please help as I've been racking my head over this all day and reading all over the lists but so far no one seems to have explained it.

In Samba 4.0 and above the relevant path is compiled into the binary
using --with-socketdir and --with-privileged-socketdir at configure
time.  Before that it was harder to change.

Using two different install trees (--prefix) is the only practical
option I see here, and would not allow nss_winbindd to talk to both,
probably is no use for smbd (or would need very careful isolation), but
if you only need ntlm_auth for some reason like NTLM auth in
squid/apache it might work.

Can you explain more about your configuration, and why can't you just
have the domains trust each other?

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba