[Samba] allow trusted domains
Victor Sudakov
vas at mpeks.tomsk.su
Sat Mar 3 02:59:23 MST 2012
Andrew Bartlett wrote:
> > As written in http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
> >
> > "Where winbindd is not used Samba (smbd) uses the underlying
> > UNIX/Linux mechanisms to resolve the identity of incoming network
> > traffic. This is done using the LoginID (account name) in the session
> > setup request and passing it to the getpwnam() system function call.
> > This call is implemented using the name service switch (NSS) mechanism
> > on modern UNIX/Linux systems. By saying "users and groups are local,"
> > we are implying that they are stored only on the local system, in the
> > /etc/passwd and /etc/group respectively.
> >
> > For example, when the user BERYLIUM\WambatW tries to open a connection
> > to a Samba server the incoming SessionSetupAndX request will make a
> > system call to look up the user WambatW in the /etc/passwd file. "
> >
> > My question: if BERYLIUM trusts ANOTHERDOMAIN, and
> > ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server,
> > what user will be looked up in /etc/passwd?
>
> It should be:
> ANOTHERDOMAIN\WambatW
A Unix user with a slash in the login name? Sorry I doubt that because
I have a script in smb.conf:
add user script = /usr/sbin/pw useradd %u -m -Y -M 755
and the script's log shows that those users from trusted domains are
being created as "WambatW", not "ANOTHERDOMAIN\WambatW".
How/where can I see/debug the actual mapping happening?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the samba
mailing list