[Samba] Winbind authentication from different domain not working

Rowland Penny rpenny at samba.org
Sat Feb 17 15:31:13 UTC 2018

On Sat, 17 Feb 2018 16:17:43 +0100
"C. de Man" <c.deman82 at gmail.com> wrote:

> I’ve removed the following line from smb.conf:
> > winbind use default domain = Yes
> Although we are using it on a different server (who has direct access
> to all DC’s from both domains). And we are able to logon with
> credentials from a different domain. by using "ssh -l
> DOMAINA+username SERVER02"
> > We now come to the domain ranges, they must not overlap. Your '*'
> > range is set to '1000000-199999999', the domaina, domainb and
> > domainc ranges are all inside this range.
> I need to look into this as this has been used all over the network.
> Not sure what the impact would be on our Samba servers who are
> sharing files via SMB. Maybe we didn’t have issues so far as we are
> only doing SMB sharing in 1 domain (DOMAINA)

The ranges must not overlap, I think in this case, the least damage
(for want of a better word) will be done by changing the '*' domain
range to either below '1000001' or above '4000000'


More information about the samba mailing list