Trusted domain causing security violation under Samba-2.0x

[Jason Haar]

Hi there

I've got a user on our domain - "user1" - who has access to a Samba share.
There happens to be another user in one of our trusted domains (NT
environment) who has the same usercode (but with a different password BTW).

If TRUSTED\user1 attempts to access the Samba share that LOCALDOM\user1 has
access to, they gain access as user1!!!

Jeremy Allison pointed out to me that this is due to Unix not being able to
handle the same usercode from differnet domains (fair enough), however I
think that should mean that Samba makes special checks in this case.

What would be the downside to Samba making note of the domain from which the
auth request came from, and just rejecting it out-of-hand if it's not the
"workgroup" entry defined in smb.conf? Or binding that to a new conf option
- like "reject trust"?



-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417