[Samba] Samba authentication
Rowland penny
rpenny at samba.org
Mon May 30 08:15:09 UTC 2016
On 30/05/16 08:48, Asen Asenov wrote:
> Hi.
>
> I have one question regarding configuration of Samba authentication against
> multiple AD domains. I red different topics for AD support, where Samba can
> act as DC or just Domain Member, or to trust other domains and etc, but
> none of this solves my problem. I don't have access to the domain
> controllers itself. I can contact them, with different admin credentials
> and so on, but I can't access them directly. I can join the machine to one
> of the domains, but I can't trust it from other domains, as I can't access
> them.
>
> So my question is whether there is an option to authenticate against
> multiple AD domains, without joining/trusting them – through PAM module or
> something else, keeping the security level at least to NTLMv1?
>
>
> Regards,
> Asen Asenov
To be honest, I have never tried this, but it should be possible if you
join the domain member to a domain that is part of a forest, in this
case each domain in a forest should trust each other.
see: https://technet.microsoft.com/en-us/library/cc787646%28v=ws.10%29.aspx
If you are talking about domains that are not in the same forest, then I
don't think this will work, but if it will, then no doubt somebody will
have done it and will post how.
Rowland
More information about the samba
mailing list