CVS update: samba/source/auth
Gerald (Jerry) Carter
jerry at samba.org
Sun Jun 29 22:33:28 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 29 Jun 2003, Volker Lendecke wrote:
> Some very brief notes wrt your trustdom patch:
> Why do you want to join the local domain?
I'm trying to remember right now. Could have had to do with
> If we do, then wbinfo -a SAMBA\\user%password where SAMBA is the local
> SAM domain locks up in the SAM logon request from winbind to smbd.
Doesn't lock for me. Although (VALE is the Samba domain) running this on
# wbinfo -a 'VALE\jerry%test'
plaintext password authentication succeeded
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Could not authenticate user VALE\jerry with challenge/response
I've tried this with and without 'winbind use default domain = yes'.
Maybe I need more details from you?
> With your patch (not joined the local domain) I get the local users as
> SAMBA\username in getent passwd.
Joined to the domain it works fine. Only trusted users show up.
> On Sun, Jun 29, 2003 at 03:39:50AM +0000, jerry at samba.org wrote:
> > * set 'auth method = guest sam winbind'
> I'd rather recommend 'auth methods = guest samstrict winbind'
> Otherwise you will get problems if you have a SAM user with the same
> name as a winbind-imported user.
OK. I see what you mean. So why do we have a separate 'sam' and
'samstrict' method. We shouldn't be looking up users from other domains
in own own passdb anyways. Trust relationships should be handled
by 'allow trust domains' and that should go through winbind.
Why can't we just make samstrict == sam and name them one module?
> Sorry for not really looking into it, it's Sunday and I'd like to go
> dancing :-)
Enjoy yourself. :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
More information about the samba-technical