Jean Francois Micouleau Jean-Francois.Micouleau at
Fri Dec 11 18:33:26 GMT 1998

On Sat, 12 Dec 1998, Andrej Borsenkow wrote:

> This logon request has also some bits that are not used currently. It
> explicitly sets "workstation trust account" bit. Do we have this currently
> in smbpasswd? 

Yep. Check the private/smbpasswd file, the field enclosed in brace defines
the kind of account and other things.

This can eliminate need to have "users" for workstations in
> /etc/passwd at all.

Nope. To have an account in smbpasswd, those account must be in
etc/passwd. Samba is based on unix security.

> And now I begin to understand how trust work ... It creates account for
> trusting domain in trusted domain (yes, we have trust here) and when it gets
> session setup for user from trusted domain, it sends SAMLOGON with "domain
> trust account" bit set, and then simply uses passthrough authentication ...
> Sounds easy, eh ?

Yep, I'm curious to see the network trace when you establish the trust

> It means, that smbpasswd has to have flags  "WS accounts", "domain account",

It already have the Ws account flag -> -m

> "user account" ... and nmbd should have access to it :)
> looks like it

Yep but there is still the dependency to solve.

> /andrej


More information about the samba-technical mailing list