freeRADIUS+samba3.0.1+AD(multiple domains)

Hangjun He elmerhe at yahoo.com.cn
Fri Feb 29 04:12:28 CET 2008


Great news!
   
  We are using krb5-1.3.2 and samba-3.0.1. These 2 version support multiple domains?
  Can you give me some example about how to configure krb5.conf and smb.comf?
   
  Thanks.
  John
  

Joe Vieira <jvieira at clarku.edu> 写道:
  
>> But there are multiple domains in active-directory. How to configure
>> freeRADIUS or samba can let it support multiple domains?

> FreeRADIUS just used Samba to do authentication with AD. The winbind
>&& ntlm_auth API used in Samba cannot authenticate to multiple domains.

that's not entirely true, you can (and i do) get samba to auth to multiple domains. the domains either need to be in the same forest,and or have full trusts back and forth. (i also found that adding them each to your kerberos config helps)

basically you join to one of them and you should be able to enumerate all the users from both thru winbind or getent...

Joe

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


       
---------------------------------
雅虎邮箱传递新年祝福,个性贺卡送亲朋! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080229/f0f5def9/attachment.html>


More information about the Freeradius-Users mailing list