[Samba] Authentication with trusted credentials

Rowland penny rpenny at samba.org
Thu Jul 16 21:19:17 UTC 2020

On 16/07/2020 22:13, Yakov Revyakin wrote:
> Thank you! I have food for tomorrow. Now I only want to voice some of 
> my considerations.
> Imagine that a domain had no trusts. At this time a PC became a member 
> of this domain.
> After some time DC made trust with another domain. In this case 
> existing members don't consider any extra configuration like adding 
> knowledge about new realm, DNS, etc. Existing configuration already 
> provides means of login and session for a user of a trusted domain.
> In my case Linux PC was informed about trusting DNS before joining 
> the domain. After setting DNS but before joining the domain I could 
> authenticate users from both trusting and trusted domains with kinit 
> without any modifications in krb5.conf. And it is what I was waiting for.
> So, the PC already has a means to authenticate users from both 
> domains.  How to enable that means?
Are you using sssd ?

If you are, then ask on the sssd-users mailing list, because it is sssd 
that will be doing the authentication, not Samba. We do not produce 
sssd, so know little about it.

If you are not using sssd, then we can look into your problem.


More information about the samba mailing list