Security model in samba-2

Jeremy Allison jallison at
Wed Sep 2 16:58:03 GMT 1998

Andrej Borsenkow wrote:

> Assume, that samba server S is member of NT domain D1. Domain D1 has trusted relationship with domain D2. User U\D1 (that is, use U on domain D1) attempts to access server S. Suppose, that Unix user U exists.
> As it now appears, SAMBA will (by default at least) map user U\D1 to user U on S. It may or may not be what is wanted, but it is acceptable in many cases. Both servers are in the same domain, and there are good chances, that both users are the same.
> Now user U\D2 (that is, user U from domain D2) attempts to acces SAMBA. SAMBA will forward user's credential to domain controller of domain D1 wich will *accept* them (trust between two domains). It means, that U\D2 will end up mapped to U on S which is most probably totally wrong!!! It is totally different user from totally different domain.

Ok - but remember the UNIX machine has no concept of the
difference between user D1\U and D2\U - it only uses the
string 'U' to determine access.

> Note, that NT model has distinct user spaces for local NT system and for every NT domain (actually, local system is treated as separate domain). Local user 'bor' is totally different from domain user 'bor' which in turn has nothing to do with user 'bor' from any other domain (exactly the case we have here :))
> The "correct" model as I see it is:
>  - by default every Unix user is treated as local (in above sense); no external user is mapped
>    to local user by default
>  - there should be configurable way to map NT user to local user based on User+Domain.
>    Much better case is to use RID's (is it correct) to uniquly identify NT users.

Well what you want here is Samba in 'applience' mode -
where no local UNIX users are needed. This is planned
for but not written yet.

Another option would be to mangle any non-local domain
user names in a predictable way, so they don't map 
identially to unix users. Would this work for you ?



Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list