[Samba] NtLm auth with multiple ad domains

L.P.H. van Belle belle at bazuin.nl
Mon May 22 11:13:34 UTC 2017


As far as I know, you need Samba 4.6 for domain trusts.

Read: 
https://wiki.samba.org/index.php/Raising_the_Functional_Levels#Using_the_Windows_Active_Directory_Domains_and_Trusts_Utility_2 
And https://wiki.samba.org/index.php/FAQ#Does_Samba_AD_Supports_Trust_Relationship.3F
Does Samba AD Supports Trust Relationship?
The trust feature is experimental and has several limitations, such as: 
  - SID filtering rules are not applied
  - You cannot add users and groups of a trusted domain into domain groups.

https://www.samba.org/samba/history/samba-4.6.0.html 
Read the winbind changes.

So I don't think this is going to work with Samba 4.4.x or 4.5.x.


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Arnab Roy via samba
> Sent: Monday 22 May 2017 12:17
> To: Rowland Penny
> CC: samba at lists.samba.org
> Subject: Re: [Samba] NtLm auth with multiple ad domains
> 
> Ok, been playing around a little more :
> 
> Looking at the man page
> https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html
> 
> It looks like the
> winbindd privileged socket directory
> has no effect on the location of the privileged pipe, it always ends up in
> 
> /var/lib/samba/winbindd_privileged/pipe
> 
> Anyone willing to help me here a little bit ?
> 
> 
> 
> On Sun, May 21, 2017 at 1:18 PM, Arnab Roy <arniekol at gmail.com> wrote:
> 
> > Hi ,
> >
> > Any suggestions on the config I really need to get this working I am
> > on Fedora with Samba 4.45 ?
> >
> > I know there is a probable way of getting this to work but not seen a
> > complete example anywhere..
> >
> > I have seen a commercial product which runs centos use samba and
> > Kerberos across multiple disjoint domains.
> >
> > Your help would be really appreciated.
> >
> > Many thanks
> > Arnab
> >
> > On 21 May 2017 9:34 am, "Rowland Penny" <rpenny at samba.org> wrote:
> >
> >> On Sun, 21 May 2017 08:58:40 +0100
> >> Arnab Roy via samba <samba at lists.samba.org> wrote:
> >>
> >> > Hi ,
> >> >
> >> > I need to use ntlm_auth across two different AD domains and there
> >> > is no trust between the 2 domains. I followed the post
> >> > http://samba-multiple-domains.blogspot.co.uk/2010/03/how-to-join-one-linux-box-to-two.html
> >> >
> >>
> >> Interesting, but I can see one possible problem, the howto was
> >> written for Ubuntu-9.10 and you are probably using a recent version
> >> of Samba and smbpass has been removed. There are other problems
> >> 'idmap uid & idmap gid' are deprecated in favour of 'idmap config',
> >> also the range numbers used are a bit low.
> >>
> >> Rowland
> >>
> >
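The two smb.conf points raised in the quoted reply (deprecated 'idmap uid' / 'idmap gid', and ranges that start too low) can be checked mechanically. The following is an added example, not code from this thread or from the Samba project; it also goes one step further and flags overlapping ranges between domains, which matters when one host maps IDs for more than one domain. The domain names DOMA and DOMB, the function name and the floor of 3000 are assumptions made for illustration.

```python
import re

# Constructed sample: legacy 'idmap uid/gid' lines next to 'idmap config'
# lines for two hypothetical domains (DOMA, DOMB) whose ranges overlap.
SAMPLE = """\
[global]
    workgroup = DOMA
    idmap uid = 500-1000
    idmap gid = 500-1000
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config DOMA : backend = rid
    idmap config DOMA : range = 10000-29999
    idmap config DOMB : backend = rid
    idmap config DOMB : range = 20000-39999
"""

DEPRECATED = {"idmap uid", "idmap gid"}
RANGE_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*range$", re.I)

def audit_idmap(text, floor=3000):
    """Return (findings, ranges). 'floor' is an assumed site policy value."""
    findings, ranges = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, section headers and lines without a value.
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        key = " ".join(key.split())          # collapse repeated whitespace
        if key.lower() in DEPRECATED:
            findings.append(f"deprecated: '{key.lower()}', use 'idmap config'")
        m = RANGE_RE.match(key)
        if m:
            lo, hi = (int(n) for n in value.split("-"))
            ranges[m.group(1)] = (lo, hi)
            if lo < floor:
                findings.append(f"low range: {m.group(1)} starts at {lo}")
    # Two domains sharing any ID would map different users to the same uid/gid.
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"overlap: {a} and {b}")
    return findings, ranges

if __name__ == "__main__":
    for finding in audit_idmap(SAMPLE)[0]:
        print(finding)
```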