[Samba] Samba authentication

Rowland penny rpenny at samba.org
Mon May 30 08:15:09 UTC 2016

On 30/05/16 08:48, Asen Asenov wrote:
> Hi.
> I have one question regarding configuration of Samba authentication against
> multiple AD domains. I red different topics for AD support, where Samba can
> act as DC or just Domain Member, or to trust other domains and etc, but
> none of this solves my problem. I don't have access to the domain
> controllers itself. I can contact them, with different admin credentials
> and so on, but I can't access them directly. I can join the machine to one
> of the domains, but I can't trust it from other domains, as I can't access
> them.
> So my question is whether there is an option to authenticate against
> multiple AD domains, without joining/trusting them – through PAM module or
> something else, keeping the security level at least to NTLMv1?
> Regards,
> Asen Asenov

To be honest, I have never tried this, but it should be possible if you 
join the domain member to a domain that is part of a forest, in this 
case each domain in a forest should trust each other.

see: https://technet.microsoft.com/en-us/library/cc787646%28v=ws.10%29.aspx

If you are talking about domains that are not in the same forest, then I 
don't think this will work, but if it will, then no doubt somebody will 
have done it and will post how.


More information about the samba mailing list