[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] Samba authentication
From:       Rowland penny <rpenny () samba ! org>
Date:       2016-05-30 8:15:09
Message-ID: 574BF68D.9090805 () samba ! org
[Download RAW message or body]

On 30/05/16 08:48, Asen Asenov wrote:
> Hi.
>
> I have one question regarding configuration of Samba authentication against
> multiple AD domains. I red different topics for AD support, where Samba can
> act as DC or just Domain Member, or to trust other domains and etc, but
> none of this solves my problem. I don't have access to the domain
> controllers itself. I can contact them, with different admin credentials
> and so on, but I can't access them directly. I can join the machine to one
> of the domains, but I can't trust it from other domains, as I can't access
> them.
>
> So my question is whether there is an option to authenticate against
> multiple AD domains, without joining/trusting them – through PAM module or
> something else, keeping the security level at least to NTLMv1?
>
>
> Regards,
> Asen Asenov

To be honest, I have never tried this, but it should be possible if you 
join the domain member to a domain that is part of a forest, in this 
case each domain in a forest should trust each other.

see: https://technet.microsoft.com/en-us/library/cc787646%28v=ws.10%29.aspx

If you are talking about domains that are not in the same forest, then I 
don't think this will work, but if it will, then no doubt somebody will 
have done it and will post how.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
[prev in list] [next in list] [prev in thread] [next in thread]