Authentication through Transitive Trusts
Ken Cross
kcross at nssolutions.com
Wed Apr 2 20:36:55 GMT 2003
All operations are working correctly, including user/group mapping,
user/group listings, authentication, etc.
And everything works fine for domains listed in wbinfo -m. The only
problem comes when trying to authenticate against a sibling in the
forest (KAMA vs. CAMP in my example). These are transitive trusts are
don't get listed in wbinfo -m.
I was mainly looking to see if anybody else has done this successfully
in similar configurations.
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
> -----Original Message-----
> From:
> samba-technical-bounces+kcross=nssolutions.com at lists.samba.org
>
> [mailto:samba-technical-bounces+kcross=nssolutions.com at lists.s
> amba.org] On Behalf Of Rafal Szczesniak
> Sent: Wednesday, April 02, 2003 3:27 PM
> To: Ken Cross
> Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
> Subject: Re: Authentication through Transitive Trusts
>
>
> On Tue, Apr 01, 2003 at 10:45:07AM -0500, Ken Cross wrote:
> > Samba-folk:
> >
> > I have an Active Directory with SUPTRA at the top and 2 other AD
> > servers, KAMA and CAMP.
> >
> > If Samba joins KAMA, it can authenticate against KAMA
> and/or SUPTRA,
> > but not CAMP. wbinfo -u shows users from all 3 servers,
> but wbinfo -m
> > only shows SUPTRA.
> >
> > KAMA and CAMP have an implicit transitive trust, but I
> can't seem to
> > get Samba to use it. The authentication request is sent to
> KAMA, but
> > it gets NT_STATUS_NO_SUCH_USER. (Same results if it joins CAMP and
> > tries to authenticate against KAMA.)
>
> Sounds like winbind doesn't map to unix uid, correctly or
> your ads domain join didn't work. You use winbind, don't you ?
>
> > Is there some trick to using transitive trusts (SAMBA_3_0)?
>
> Nope. Just make sure you have 'allow trusted domains = yes'.
> It's set this way by default.
>
>
> cheers,
> --
> Rafal Szczesniak mimir[at]diament.ists.pwr.wroc.pl
> Samba Team member mimir[at]samba.org
> +---------------------------------------------------------+
> *BSD, GNU/Linux and Samba http://www.samba.org
> +---------------------------------------------------------+
>
More information about the samba-technical
mailing list