Andrej Borsenkow borsenkow.msk at
Fri Dec 11 18:19:15 GMT 1998

> provided (thanks!) by andrej, here is an example SAMLOGON request which
> contains a domain SID and a workstation trust account name. to answer
> these correctly, we will need getsmbpwnam() calls in nmbd, methinks.

This logon request also has some bits that are not currently used. It
explicitly sets the "workstation trust account" bit. Do we have this currently
in smbpasswd? This can eliminate the need to have "users" for workstations in
/etc/passwd at all.

And now I begin to understand how trust works ... It creates an account for
the trusting domain in the trusted domain (yes, we have trust here) and when it
gets a session setup for a user from the trusted domain, it sends SAMLOGON with
the "domain trust account" bit set, and then simply uses passthrough
authentication ... Sounds easy, eh?

It means that smbpasswd has to have flags "WS accounts", "domain account",
"user account" ... and nmbd should have access to it :)

looks like it

