[Samba] Winbind authentication from different domain not working

C. de Man c.deman82 at gmail.com
Sat Feb 17 13:20:34 UTC 2018

We are running winbind(4.6.2) on member server(CentOS 7) connected to a Active directory domain.

1 Forest with 2 domains with a 2 way trust between them.

We want users from “DOMAIN A” be able to logon(via SSH) on a server "SERVER01" in “DOMAIN B”.
This works well if the “SERVER01" in "DOMAIN B” can talk directly to “DOMAIN A” but when their is a firewall between “SERVER01”  and “DOMAIN A” is doesn’t work anymore.

winbind tries to lookup domain controller “DOMAIN A” for user validations directly.
It is not using the trust and validate “DOMAIN A” users via “DOMAIN B” domain controllers. 

The trust between the domains is working. We’ve put a windows 2008 machine in the same subnet.
And was able to logon with a user from “DOMAIN A” on the Windows server from “DOMAIN B”

Is their a way to inform winbind to use “DOMAIN B” to validate users from “DOMAIN A” ?



More information about the samba mailing list