samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] How to configure winbind to work with two d

[Samba] How to configure winbind to work with two domain controllers?

From: Sergey Stepanov <s.stepanov_at_nospam>
Date: Wed Aug 11 2010 - 14:36:26 GMT
To: samba@lists.samba.org

Hello

I have two domain controllers on win2k3 (say srv1.domain1 and
srv2.domain2) and winbind runnning on 3rd linux server (

When I put "workgroup = domain1" in smb.conf, i can work with domain1
only, i.e.
# ntlm_auth --username=dom1user --domain=domain1 --password=goodpassword
NT_STATUS_OK: Success (0x0)
but with domain2 fails:
# ntlm_auth --username=dom2user --domain=domain2 --password=goodpassword
NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)

When i change workgroup to "workgroup = domain2", the things changed:
domain1 fails:
# ntlm_auth --username=dom1user --domain=domain1 --password=goodpassword
NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
domain2 is ok:
# ntlm_auth --username=dom2user --domain=domain2 --password=goodpassword
NT_STATUS_OK: Success (0x0)

Please, help, how to tell winbind to work with both domain controllers.

winbind and ntlm_auth built from RHEL/CENTOS 5.5 srpm:
# /usr/bin/ntlm_auth -V
Version 3.0.33-3.28
/usr/sbin/winbindd -V
Version 3.0.33-3.28

kerberos is not used.

sample smb.conf:
[global]
    winbind separator = +
    winbind use default domain = no
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = no
    security = domain
    encrypt passwords = yes
    wins support = no
    enhanced browsing = no
    domain master = no
    domain logons = no
    local master = no
    preferred master = no
    name resolve order = lmhosts
    auth methods = winbind
    workgroup = domain1 # or domain2
    netbios name = SERVER
    password server = ip1 ip2 * # or without *

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba