[Samba] winbind use default domain = true with subdomain

Vex Mage dosmage at gmail.com
Fri Apr 23 20:08:09 UTC 2021


     We have a Windows AD server with a one way trust to our campus
identity server. Our Windows AD server has the domain/realm COE. The campus
identity server has the domain/realm of IDENTITY.

     I've joined a test machine to the COE domain. Initially I tried to use
sssd however only winbind seems to support one way trusts so I've joined
the domain via winbind.

     Currently I can id localuser at COE and id remoteuser at IDENTITY. I would
like to be able to do an id remoteuser and avoid the requirement of
including the realm. I can make this work for COE by setting winbind use
default domain = true however I cannot find any directive to include the

     Is it possible to accomplish setting the default realm to the trusted
domain and not specifically for the COE domain? I've also tried looking
into coercing realmd to set the subdomain as the primary/native but had no

    I would greatly appreciate any information anyone may be able to
provide. I can share more information such as configs however they're
really generic at the moment and they so far are working very well
otherwise. I'm only trying to avoid a paradigm shift by avoiding having to
reeducate our college's users to include their realm when logging into our
Linux computers. Thanks and apologies in advance. I absolutely do
appreciate it!

More information about the samba mailing list