Hi, Everybody,

Thank-you for taking the time to help me idenfity if there is a potential solution to my problem. I feel that if there is a solution to this that it is probably a relatively simple configuration, however I have been struggling to identify a solution.

Ok, so here's the scoop; I am working in an environment with an
Active Directory forest where 100% of our user accounts exist one
domain and 100% of our computer objects exist in another domain. I
have winbind setup with pam & ssh, and everything is working fine. I
can authenticate across the trust no problem. My issue is that whever
I authenticate, I have to supply the domain name and whatever domain
separator is configured in smb.conf to get this working. I know about
the "use default domain" option in smb.conf, but from what I
understand this will only "prepend" the default realm, or the domain
that the computer is actually a domain member of. So really, I want
to:

1) set the 'use default domain' option (or implement similar functionality) AND
2) specify the actual domain that is used (i.e. a domain that is
trusted, although NOT the domain that the server is actually a member
of).

Does anybody know if this is possible? In my opinion this is more of
a usability issue than anything (i.e. it is kind of a pain to type in
the domain name every time I authenticate). I would think that
achieving this effect (specifying "use default domain" and
deterministally configuring the default logon domain) would be
feasible, but I'm stilling banging my head against the wall trying to
figure out if this is possible.

I've already tried;
1) setting the default_realm in the [libdefaults] stanza in /etc/krb5.conf
2) using a usermap supplied in /etc/samba/smb.conf

If anybody knows how to do this, or could point me to a piece of
documentation that suggests a way to implement this sort of
configuration, I would greatly appreciate it. Thank-you so much, and
have a wonderful day.

Dan Sullivan