Web lists-archives.com

[Samba] Winbind authentication from different domain not working

We are running winbind(4.6.2) on member server(CentOS 7) connected to a Active directory domain.

1 Forest with 2 domains with a 2 way trust between them.

We want users from “DOMAIN A” be able to logon(via SSH) on a server "SERVER01" in “DOMAIN B”.
This works well if the “SERVER01" in "DOMAIN B” can talk directly to “DOMAIN A” but when their is a firewall between “SERVER01”  and “DOMAIN A” is doesn’t work anymore.

winbind tries to lookup domain controller “DOMAIN A” for user validations directly.
It is not using the trust and validate “DOMAIN A” users via “DOMAIN B” domain controllers. 

The trust between the domains is working. We’ve put a windows 2008 machine in the same subnet.
And was able to logon with a user from “DOMAIN A” on the Windows server from “DOMAIN B”

Is their a way to inform winbind to use “DOMAIN B” to validate users from “DOMAIN A” ?



To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba