[Samba] Winbind authentication from different domain not working

Rowland Penny rpenny at samba.org
Sat Feb 17 14:09:52 UTC 2018

On Sat, 17 Feb 2018 14:20:34 +0100
"C. de Man via samba" <samba at lists.samba.org> wrote:

> We are running winbind(4.6.2) on member server(CentOS 7) connected to
> a Active directory domain.
> 1 Forest with 2 domains with a 2 way trust between them.
> We want users from “DOMAIN A” be able to logon(via SSH) on a server
> "SERVER01" in “DOMAIN B”. This works well if the “SERVER01" in
> "DOMAIN B” can talk directly to “DOMAIN A” but when their is a
> firewall between “SERVER01”  and “DOMAIN A” is doesn’t work anymore.
> winbind tries to lookup domain controller “DOMAIN A” for user
> validations directly. It is not using the trust and validate “DOMAIN
> A” users via “DOMAIN B” domain controllers. 
> The trust between the domains is working. We’ve put a windows 2008
> machine in the same subnet. And was able to logon with a user from
> “DOMAIN A” on the Windows server from “DOMAIN B”
> Is their a way to inform winbind to use “DOMAIN B” to validate users
> from “DOMAIN A” ?

It might help if we knew what you are doing at the moment, so can you
please post your smb.conf, do not attach this to a post, paste it into
the post.


More information about the samba mailing list