Running Samba/Winbind with two domains



First: I'm not a Linux administrator, and I don't know what I don't know (if you know what I mean).

We have this server here at work, named FAXSERVER, running the Red Hat Enterprise Linux ES release 3 (Taroon Update 8) distro, along with Samba version 3.0.9-1.3E.12. The directory /home/faxes/ is shared out to our domain via Samba/Winbind.

This is primarily a Windows network. Windows domain controller, etc. I'm on this primary domain (DOMAIN1). And there is another domain. It's a trusted domain (DOMAIN2). I want users authenticating to DOMAIN2 to be able to access /home/faxes/ on this server as well. I can't seem to be able to make it happen.

Here's what I've (clumsily) tried so far:


The permissions for /home/faxes/ are as follows: drwxrwsr-x 57 uucp 10001 4096 Jul 24 2012 faxes. Looks like everyone has read/execute permission, and the file owner and members of the file's group additionally have write permission.

There are currently three Samba users set up, according to /etc/samba/smbusers: root (mapped to 'administrator' and 'admin'), nobody (mapped to 'guest', 'pcguest', and 'smbguest'), and mike (mapped to 'mike').

The Samba configuration (location: /etc/samba/smb.conf) for /faxes/ is currently as follows:

comment = FAX faxes​
writable = yes​
printable = no​
public = yes​
guest ok = yes​
create mask = 0665​

Prior to me looking into it, the "guest ok" flag was set to no. I changed it to "yes" (since "public=yes" seems to make this redundant) and restarted the Samba service (service smb restart). It doesn't appear that this resolved the issue, but I wanted to try it.


The 'wbinfo -g' command gives me a list of all user groups, but they're all under DOMAIN1\*. There are no DOMAIN2\* groups listed.

The 'wbinfo -m' command gives me a list of all trusted domains: FAXSERVER, BUILTIN, and DOMAIN2. So DOMAIN2 is trusted by FAXSERVER.

I'm also able to query both DOMAIN1 and DOMAIN2 from FAXSERVER:

[root@faxserver home]# wbinfo -D DOMAIN1

Name : DOMAIN1​
SID : S-1-3-59-7490224-282867100-4786781930​
Active Directory : Yes​
Native : Yes​
Primary : Yes​
Sequence : 62852289​

[root@faxserver home]# wbinfo -D DOMAIN2

Name : DOMAIN2​
Alt_Name :​
SID : S-1-5-21-3827589627-1874523873-1381929582​
Active Directory : No​
Native : No​
Primary : No​
Sequence : -1​

I don't really know what I'm doing. This is likely self-evident. Is it a matter of changing the "Active Directory" flag under DOMAIN2 from "No" to "Yes"? If so, how would I go about doing that?

Or is this an impossible task, and I'll just end up chasing my tail?

So, Domain1 has access to /home/faxes right? How did you set that up?
Can we see all of /etc/samba/smb.conf ? From Global settings to the end?

Members online

Latest posts