On 30/05/16 08:48, Asen Asenov wrote:> Hi.
>
> I have one question regarding configuration of Samba authentication against
> multiple AD domains. I red different topics for AD support, where Samba can
> act as DC or just Domain Member, or to trust other domains and etc, but
> none of this solves my problem. I don't have access to the domain
> controllers itself. I can contact them, with different admin credentials
> and so on, but I can't access them directly. I can join the machine to
one
> of the domains, but I can't trust it from other domains, as I can't
access
> them.
>
> So my question is whether there is an option to authenticate against
> multiple AD domains, without joining/trusting them – through PAM module or
> something else, keeping the security level at least to NTLMv1?
>
>
> Regards,
> Asen Asenov
To be honest, I have never tried this, but it should be possible if you
join the domain member to a domain that is part of a forest, in this
case each domain in a forest should trust each other.
see: https://technet.microsoft.com/en-us/library/cc787646%28v=ws.10%29.aspx
If you are talking about domains that are not in the same forest, then I
don't think this will work, but if it will, then no doubt somebody will
have done it and will post how.
Rowland