Hi, I don't know exactly what you have to do.

I have implemented something like this.

-------         -------
| RAD |---------| AD1 |
-------         -------
   |            -------
   -------------| AD2 |
                -------

It's done with a Perl module over rlm_perl. The Perl module looks at which domain the request is for and starts the right winbind daemon. It's not really nice. The problem is that a Samba server can only be a member of one domain. The Samba team said that Samba 4 would support more than one domain, or you could change the Samba 3 code to support multiple sockets on winbind (I think it was discussed on the Samba mailing list).

If you can build trusts between the domains, it's much easier. This way you can auth on a single point. It should look like this:

-------         -------
| RAD |---------| AD1 |
-------         -------
                   |
                -------
                | AD2 |
                -------

Another way is to proxy the requests to a RADIUS server on the Samba server. It looks like this:

-------         -------------
| RAD |---------| RAD - AD1 |
-------         -------------
   |            -------------
   -------------| RAD - AD2 |
                -------------

If you need more info about my implementation, write again.

Lukas