[Samba] Winbind authentication from different domain not working
Rowland Penny
rpenny at samba.org
Sat Feb 17 14:49:33 UTC 2018
On Sat, 17 Feb 2018 15:31:19 +0100
"C. de Man via samba" <samba at lists.samba.org> wrote:
> config smb.conf
> [global]
> realm = DOMAINB
> workgroup = DOMAINB
> security = ADS
> template homedir = /home/%U
> template shell = /bin/bash
> winbind expand groups = 1
> winbind separator = +
> winbind use default domain = Yes
> idmap config domainb : range = 3000001 - 4000000
> idmap config domainb : backend = rid
> idmap config domainc : range = 2000001 - 3000000
> idmap config domainc : backend = rid
> idmap config domaina : range = 1000001 - 2000000
> idmap config domaina : backend = rid
> idmap config * : range = 1000000-199999999
> idmap config * : backend = tdb
>
First thing, you cannot use 'winbind use default domain = Yes' if you
are using trusted domains.

We now come to the domain ranges, they must not overlap. Your '*' range
is set to '1000000-199999999', the domaina, domainb and domainc ranges
are all inside this range.

From what you have posted, your realm & workgroup are identical
'DOMAINB', I would have expected the realm to have been something like
'DOMAINB.TLD'
Rowland
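
Added example, not part of the original message or of Samba itself: a small Python check that parses the 'idmap config ... : range' lines of an smb.conf and reports every pair of domains whose ID ranges overlap, which is the condition the reply points out. The sample text is constructed from the quoted config; the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: idmap lines taken from the quoted smb.conf above.
SAMPLE_SMB_CONF = """\
[global]
idmap config domainb : range = 3000001 - 4000000
idmap config domainb : backend = rid
idmap config domainc : range = 2000001 - 3000000
idmap config domaina : range = 1000001 - 2000000
idmap config * : range = 1000000-199999999
"""

IDMAP_RANGE = re.compile(
    r"^\s*idmap\s+config\s+(?P<domain>\S+)\s*:\s*range\s*=\s*"
    r"(?P<low>\d+)\s*-\s*(?P<high>\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(conf_text):
    """Return {DOMAIN: (low, high)} for each 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = IDMAP_RANGE.match(line)
        if m:
            low, high = int(m["low"]), int(m["high"])
            if low > high:
                raise ValueError(f"inverted range for {m['domain']}: {low}-{high}")
            ranges[m["domain"].upper()] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Return (domain_a, domain_b, (lo, hi)) for every overlapping pair."""
    overlaps = []
    items = sorted(ranges.items())
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(items, 2):
        lo, hi = max(alo, blo), min(ahi, bhi)  # intersection of the two ranges
        if lo <= hi:
            overlaps.append((a, b, (lo, hi)))
    return overlaps

if __name__ == "__main__":
    for a, b, (lo, hi) in find_overlaps(parse_idmap_ranges(SAMPLE_SMB_CONF)):
        print(f"OVERLAP: {a} and {b} share IDs {lo}-{hi}")
```

Run against the quoted config, it reports three overlaps, each between the '*' default range and one of the per-domain ranges; the per-domain ranges do not overlap each other.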