Authentication successful with empty or incorrect Domain string

boyang boyang at suse.de
Mon Mar 30 07:17:41 GMT 2009 

Smita Zankar wrote:
> Hi,
>
> I have Samba PDC setup on RHEL. I have another RHEL joined to the Samba PDC
> domain for authentication, I have also configured the PAM modules with
> winbind.
> The authentication works with username as "\user" or "pdc\user" even even
> the Domain name for the Samba PDC is different e.g. "SambaPDC". This is seen
> with a sample authenticaion using smbclient as well as if I try ssh/ftp/scp.
>
> My question is why the domain string is not getting matched during
> authentication? Is there any specific configuration change required.
>   
Looks like winbindd will fall back to primary domain when domain is not
found in domain list. For smbclient, I think the reason here would be
"sam_ignoredomain" which causes the domain name be ignored silently.
> My Samba PDC, smb.conf looks like:
> [global]
>         workgroup = MyDomain
>         server string = Samba PDC
>         netbios name = sonas18
>         passdb backend = tdbsam
>         log level = 3
>         log file = /var/log/samba/%m.log
>         max log size = 50
>         add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M
> -d /nohome -s /bin/false "%u"
>         domain logons = Yes
>         os level = 64
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         cups options = raw
>         security = user
>         encrypt passwords = Yes
>         idmap gid = 10000000-11000000
>         idmap uid = 10000000-11000000
>
>
> [netlogon]
>         path = /etc/samba/netlogon
>         writeable = no
>         write list = ntadmin
>         guest ok = no
> [profiles]
>         path = /usr/smb/ntprofile
>         writeable = yes
>         create mask = 0600
>         directory mask = 0700
>
>
>
> My Samba client smb.conf looks like:
> (relevant entrries)
>         server string = "linux1"
>         ea support = yes
>         groupdb:backend = tdb
>         template homedir = /var/opt/scproot
>         dmapi support = no
>         workgroup = mydomain
>         password server = 9.182.193.218
>         security = domain
>         disable netbios = no
>         template shell = /usr/bin/rssh
>         idmap gid = 10000000-11000000
>         idmap uid = 10000000-11000000
>         netbios name = so18
>
>
> Any help is appreciated.
>
> Thanks,
> Smita
>
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: boyang.vcf
Type: text/x-vcard
Size: 187 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090330/f60d0c2d/boyang.vcf

More information about the samba-technical mailing list