Christopher Chance
2014-Sep-15 21:05 UTC
[Samba] Multiple Domains/Winbinds, ntlm_auth/wbinfo issue
Ok I'm at a loss, I have 2 instances on winbindd / smbdd / nmbdd running (basically copied to install from samba-multiple-domains.blogspot .com but with my domains and ip's) But the issue I have is that even though both domains joined, and I can see all the winbinds and smbs running, and no errors in the logs, it appears that wbinfo / ntlm_auth only work with one of the units, no matter which -configfile I specify when running ntlm_Auth (wbinfo I can't even figure out how to tell it to try the other winbind). I tried setting socket dir in each of the config files, but then ntlm_auth and wbinfo don't work at all. How can I specify which socket for ntlm_auth/wbinfo to use? Please help as I've been racking my head over this all day and reading all over the lists but so far no one seems to have explained it. Chris
Andrew Bartlett
2014-Sep-21 15:01 UTC
[Samba] Multiple Domains/Winbinds, ntlm_auth/wbinfo issue
On Mon, 2014-09-15 at 17:05 -0400, Christopher Chance wrote:> Ok I'm at a loss, I have 2 instances on winbindd / smbdd / nmbdd running (basically copied to install from samba-multiple-domains.blogspot .com but with my domains and ip's) > > But the issue I have is that even though both domains joined, and I can see all the winbinds and smbs running, and no errors in the logs, it appears that wbinfo / ntlm_auth only work with one of the units, no matter which -configfile I specify when running ntlm_Auth (wbinfo I can't even figure out how to tell it to try the other winbind). > > I tried setting socket dir in each of the config files, but then ntlm_auth and wbinfo don't work at all. > > How can I specify which socket for ntlm_auth/wbinfo to use? > > Please help as I've been racking my head over this all day and reading all over the lists but so far no one seems to have explained it.In Samba 4.0 and above the relevant path is compiled into the binary using --with-socketdir and --with-privileged-socketdir at configure time. Before that it was harder to change. Using two different install trees (--prefix) is the only practical option I see here, and would not allow nss_winbindd to talk to both, probably is no use for smbd (or would need very careful isolation), but if you only need ntlm_auth for some reason like NTLM auth in squid/apache it might work. Can you explain more about your configuration, and why can't you just have the domains trust each other? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba