Bug 15725 - Authentication against several Active Directories simultaneously via ntlm_auth
Summary: Authentication against several Active Directories simultaneously via ntlm_auth
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All Linux
: P5 enhancement (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-26 14:09 UTC by Peter.Friede
Modified: 2024-09-27 01:53 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Peter.Friede 2024-09-26 14:09:41 UTC
Hello,

We are a group of software developers at macmon secure in Berlin (Germany). We have the following request as an extension of the current SAMBA server:

To perform authentications against several Active Directories(AD) simultaneously via ntlm_auth, an extension of the winbind service is required.
This was achieved by us for a test by making changes to the Samba source code. With this change we made, a separate Samba configuration file can be created for each connected AD and a separate instance of the winbind service can be started.
Is it possible to make such a customization in the original Samba source code?
If so, in what time frame would such an extension be available?
If desired, a corresponding patch with the changes could be made available for review.

Kind regards 
Peter Friede
Comment 1 Douglas Bagnall 2024-09-26 22:31:05 UTC
It will be easier if you show the proposed patch. It should include tests, with the patches broken down into small logical steps that leave things in a working state along the way.

My guess is that would raise your chances from zero to maybe.

After that you will need to explain the use case.

If it gets accepted into master, the time to a release is around 3-9 months (6 monthly releases, ~3 months freeze for new features).

The discussion might be better on the Samba Technical list https://lists.samba.org/mailman/listinfo/samba-technical 

When the patches are ready, they will need to come through gitlab merge requests.

I'm not a winbind expert so it won't be me reviewing. This is just general advice. 

Thanks for offering to improve Samba.
Comment 2 Jones Syue 2024-09-27 01:53:27 UTC
(In reply to Peter.Friede from comment #0)

> This was achieved by us for a test by making changes to the Samba source code.

I have a question: did it mean even followed this wiki guideline,
some changes to samba source code are still required to make 
'authetication against multiple AD with ntlm_auth' work? 
Thank you :)

https://wiki.samba.org/index.php/Multiple_Server_Instances