[Samba] Share files to users from two domains with winbind

edson edeaoinfor at gmail.com
Sun Mar 19 21:52:38 UTC 2017


I need the file server to authenticate users from two domains: users of
DOMAINA, which the file server has joined, and users of DOMAINB, which
maintains a trust relationship with DOMAINA.

I have two domain forests (DOMAINA and DOMAINB), and a trust relationship
exists between them. The DOMAINA servers are running Samba version 4.5
(on CentOS 7); the DOMAINB server is running Windows Server

I use winbind on the file server (CentOS 7) with Samba version 4.4.4. I
can access shares when logged on as DOMAINA users.

But when I try to access the shares with DOMAINB users from DOMAINA
workstations, I get permission denied.

The contents of the smb.conf file follow.

netbios name = FILESERVER
security = ads
log level = 3
log file = /var/log/samba/log.all
max log size = 4000
domain master = no
local master = no
idmap config * : backend = tdb
idmap config * : range = 1500-1000000
idmap config DOMAINA : backend = rid
idmap config DOMAINA : range = 2000000-6000000
idmap config DOMAINA : backend = rid
idmap config DOMAINA : range = 6000001-9000000
# Winbind Configurations #
winbind enum users = NO
winbind enum groups = NO
winbind refresh tickets = yes
winbind reconnect delay = 60
winbind nested groups = yes
winbind expand groups = 10
# Winbind connections #
winbind max domain connections = 15
winbind max clients = 200
# Configurations cache #
winbind cache time = 180
winbind offline logon = NO
# Template Configurations #
winbind nss info = template
template homedir = /home/%D/%U
template shell = /bin/false

path = /mnt/samba/directory
        read only = No

When I run this command, the users are displayed:

wbinfo -u --domain=DOMAINB

But when I run the following two commands, the users and groups of
DOMAINB, which maintains the trust, are not displayed.

getent passwd DOMAINB\\administrator
getent group DOMAINB\\financial

But the /etc/nsswitch.conf file is configured correctly to use winbind.

How can I make winbind work with two domains?

Can someone please help me?


Edson Oliveira
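
A consistency check for the idmap lines of an smb.conf like the one posted above, as an added example that is not part of the original post and not Samba project code. It assumes that a repeated setting replaces the earlier one and that a domain without its own idmap section is mapped by the default (*) section; `lint_idmap`, `SAMPLE` and the finding strings are names made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the idmap lines from the posted smb.conf.
SAMPLE = """\
idmap config * : backend = tdb
idmap config * : range = 1500-1000000
idmap config DOMAINA : backend = rid
idmap config DOMAINA : range = 2000000-6000000
idmap config DOMAINA : backend = rid
idmap config DOMAINA : range = 6000001-9000000
"""

# "idmap config <DOMAIN> : <option> = <value>", case-insensitive keyword.
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$", re.I)

def lint_idmap(conf_text, expected_domains):
    """Return (effective settings per domain, list of findings)."""
    seen = defaultdict(list)  # (domain, option) -> [(line number, value), ...]
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = IDMAP_RE.match(line)
        if m:
            seen[(m.group(1).upper(), m.group(2).lower())].append((lineno, m.group(3)))
    findings, effective = [], defaultdict(dict)
    for (dom, opt), entries in seen.items():
        effective[dom][opt] = entries[-1][1]  # assumption: last occurrence applies
        if len(entries) > 1:
            lines = ", ".join(str(n) for n, _ in entries)
            findings.append(f"duplicate: {dom} {opt} set on lines {lines}")
    # Ranges of different domains must not overlap; compare neighbours after sorting.
    ranges = sorted(
        tuple(int(x) for x in opts["range"].split("-")) + (dom,)
        for dom, opts in effective.items() if "range" in opts
    )
    for (l1, h1, d1), (l2, h2, d2) in zip(ranges, ranges[1:]):
        if l2 <= h1:
            findings.append(f"overlap: {d1} {l1}-{h1} and {d2} {l2}-{h2}")
    for dom in expected_domains:
        if dom.upper() not in effective:
            findings.append(f"no section: {dom} is mapped by the default (*) section")
    return dict(effective), findings

if __name__ == "__main__":
    for finding in lint_idmap(SAMPLE, ["DOMAINA", "DOMAINB"])[1]:
        print(finding)
```
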
