freeRADIUS+samba3.0.1+AD(multiple domains)

Hangjun He elmerhe at
Fri Feb 29 04:12:28 CET 2008

Great news!
  We are using krb5-1.3.2 and samba-3.0.1. These 2 version support multiple domains?
  Can you give me some example about how to configure krb5.conf and smb.comf?

Joe Vieira <jvieira at> 写道:
>> But there are multiple domains in active-directory. How to configure
>> freeRADIUS or samba can let it support multiple domains?

> FreeRADIUS just used Samba to do authentication with AD. The winbind
>&& ntlm_auth API used in Samba cannot authenticate to multiple domains.

that's not entirely true, you can (and i do) get samba to auth to multiple domains. the domains either need to be in the same forest,and or have full trusts back and forth. (i also found that adding them each to your kerberos config helps)

basically you join to one of them and you should be able to enumerate all the users from both thru winbind or getent...


List info/subscribe/unsubscribe? See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list