Multiple Domains ?



d4rkf1br
09-19-2008, 06:53 PM
I have WinBind / Samba working in CentOS to facilitate AD Single Sign
On with Deki.

I had to configure my /etc/samba/smb.conf with the following to work:

workgroup = mydom1
security = domain
password server = dc02.mydom1.company.com dc01.mydom1.company.com
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes


The problem now is that I have users on another domain,
mydom2.company.com that need access to the wiki site as well.

I can do the wbinfo -m and I see both domains listed.

I added another service in deki service management copying the original one but changing the "Searchbase" to be "DC=mydom2,DC=company,DC=com"

But it still won't work. The users in the second domain get an error saying "We could not authenticate you".

Obviously missing something here but I'm not sure what. Any thoughts?

MaxM
09-23-2008, 06:36 PM
Sounds like two challenges here: The apache NTLM module setup and deki's ldap service both need to understand your two domains.

If you don't need external group support then you can bypass deki's ldap service entirely and use local users with the auth being done by apache. You can still use deki groups for permissions.

Otherwise you'll have to do something creative with deki's ldap service. If the two domains are on the same DC you can try changing your searchbase to "DC=company,DC=com". You may need to preset a bindingdn and a bindingpw to a known account that has query access to both domains.

Let us know what ends up working for you.
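
The following is an added example, not part of either post and not Deki or Samba code. It shows how a login name reported by winbind under the smb.conf above maps to a per-domain search base, how the shared "DC=company,DC=com" base is derived, and how to escape the user name before it goes into an LDAP filter. The NetBIOS-to-DNS mapping, the backslash separator (winbind's default) and all function names are assumptions made for the illustration.

```python
# Added illustration; domain names are the ones used in the thread.
DOMAINS = {  # NetBIOS name -> DNS domain (assumed mapping)
    "MYDOM1": "mydom1.company.com",
    "MYDOM2": "mydom2.company.com",
}
DEFAULT_DOMAIN = "MYDOM1"  # workgroup = mydom1, winbind use default domain = yes
SEPARATOR = "\\"           # default "winbind separator"


def base_dn(dns_domain):
    """mydom2.company.com -> DC=mydom2,DC=company,DC=com"""
    return ",".join("DC=" + label for label in dns_domain.split("."))


def common_base(dns_domains):
    """Search base built from the longest DNS suffix all domains share."""
    split = [d.lower().split(".")[::-1] for d in dns_domains]
    shared = []
    for labels in zip(*split):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    if not shared:
        raise ValueError("domains share no parent")
    return base_dn(".".join(reversed(shared)))


def escape_filter(value):
    """Escape the RFC 4515 special characters in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def lookup_for(login):
    """Return (search base, filter) for a name as winbind reports it."""
    domain, sep, user = login.rpartition(SEPARATOR)
    if not sep:  # bare name: winbind stripped the default domain
        domain = DEFAULT_DOMAIN
    dns = DOMAINS.get(domain.upper())
    if dns is None or not user:
        raise ValueError("unknown domain or empty user: %r" % login)
    return base_dn(dns), "(sAMAccountName=%s)" % escape_filter(user)
```

With "winbind use default domain = yes", only mydom1 users arrive as a bare name; mydom2 users arrive as MYDOM2\user, so a lookup that assumes a bare name against a single search base will miss them.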