Unable to authenticate the trusted(external trust) domain users.

Hemanth Thummala hemanth.thummala at nutanix.com
Mon May 8 21:08:40 UTC 2017

Hi Andreas,

Actually the patch(https://attachments.samba.org/attachment.cgi?id=12986) made for issue Bug 12598 <https://bugzilla.samba.org/show_bug.cgi?id=12598> resolved the trust issue for us. What I understood my earlier debugging is that the client side piece was always using kerberos without fallback approach to NTLMSSP to connect to remote trusted domain DCs . I think this gets addressed by this patch specifically.We have unit tested all the trust scenarios. Things are looking good. But, we would like to know if there will any dependency issues that you would like to share with just taking this patch. 

We are definitely planning to upgrade to 4.6.2. Its just that we are waiting for a release which can fit good test cycle.

Thank you for the help.


On 5/8/17, 9:30 AM, "Andreas Schneider" <asn at samba.org> wrote:

>On Monday, 8 May 2017 18:17:11 CEST Hemanth Thummala wrote:
>> Hi Andreas,
>> Thank you for the response. I could actually see a patch specifically meant
>> to address the external
>> trusts(https://bugzilla.samba.org/show_bug.cgi?id=12554).
> I will go
>> through the required patch list and update you.
>> Regards,
>> Hemanth.
>Well this is just gensec, there are probably roughly a hundred patches 
>covering winbind and libsmb in Samba 4.6 which fix trusted domains. It starts 
>with passing down cli_credentials correctly and ends with fixing user lookups 
>in winbind.
>	Andreas
>Andreas Schneider                   GPG-ID: CC014E3D
>Samba Team                             asn at samba.org

More information about the samba-technical mailing list