Authentication through Transitive Trusts
Rafal Szczesniak
mimir at samba.org
Wed Apr 2 20:27:00 GMT 2003
On Tue, Apr 01, 2003 at 10:45:07AM -0500, Ken Cross wrote:
> Samba-folk:
>
> I have an Active Directory with SUPTRA at the top and 2 other AD
> servers, KAMA and CAMP.
>
> If Samba joins KAMA, it can authenticate against KAMA and/or SUPTRA, but
> not CAMP. wbinfo -u shows users from all 3 servers, but wbinfo -m only
> shows SUPTRA.
>
> KAMA and CAMP have an implicit transitive trust, but I can't seem to get
> Samba to use it. The authentication request is sent to KAMA, but it
> gets NT_STATUS_NO_SUCH_USER. (Same results if it joins CAMP and tries
> to authenticate against KAMA.)
Sounds like winbind doesn't map to unix uid, correctly or your ads domain
join didn't work. You use winbind, don't you ?
> Is there some trick to using transitive trusts (SAMBA_3_0)?
Nope. Just make sure you have 'allow trusted domains = yes'. It's set this
way by default.
cheers,
--
Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl
Samba Team member mimir[at]samba.org
+---------------------------------------------------------+
*BSD, GNU/Linux and Samba http://www.samba.org
+---------------------------------------------------------+
More information about the samba-technical
mailing list