Samba experts here please

Silent Bob

Silent Bob

Silent Bob

Associate
Joined
24 Oct 2002
Posts
2,371
Location
Cambridge
Here at work we have a linux file server running samba. It is currently configured to be authenticated against our windows domain users. This works fine but we've got another seperate domain on our network. The users on this second windows domain are unable to access this samba share. So my question is, is it possible to configure samba to authenticate users on 2 domains. If so can anyone point me in the right direction?

Thanks
 
I think that the only way you can acheive this in Samba itself is by using kerberos (ADS) authentication, specify two realms/domains in your krb5.conf, and kinit each realm individually.

I think Windows server 2003 does this itself, when configuring two domains in the same forest with a trust relationship.

If the clients to which you want to give access are on seperate subnets, you could also do it by running two seperate instances of smbd/nmbd with the same config, except for the domain name and authentication server address (and perhaps a few more things like the PID file for both smbd/nmbd) and bind them to their own IP/subnet.
 
Aint going to be easy really. The best way of doing this would be to establish a trust relationship between the two domains in AD and have all users authenticate via one of those domains to the Samba box.
 
Thanks for the replies. I don't think I can use the active directory trust to do this as it's an external trust and from what I see it doesn't let you do this.

I've set up a couple of samba servers using kerberos authentication so I'll try doing it that way.
 
I've been doing some more work on this and have got winbind working. If I do a wbinfo -u it lists all the computers and users in both domains. All the users/computers that are on the other domain from the samba machine are listed as DOMAIN+user, everything on the same domain as the samba machine just has the computer/user name.

I can also run getent passwd and that lists all users on both domains.

However when I try to access the samba share from a user account on the second domain it says that the username/password is incorrect.

Does anybody have any ideas?

EDIT:

I managed to sort it, changing a pam setting in smb.conf fixed it :)
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom