[PATCH] Can't authenticate user from child-domain of trusted forest

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Nov 28 13:47:50 UTC 2017


On Tue, Nov 28, 2017 at 02:46:37PM +0100, Ralph Böhme wrote:
> On Tue, Nov 28, 2017 at 02:41:12PM +0100, Ralph Böhme wrote:
> > On Tue, Nov 28, 2017 at 02:29:30PM +0100, Volker Lendecke wrote:
> > > On Tue, Nov 28, 2017 at 12:58:22PM +0100, Ralph Böhme wrote:
> > > > auth still fails because add_trusted_domain() will only be called in the domain
> > > > child, but not in the parent where we call find_domain_from_name_noinit().
> > > 
> > > What about that one?
> > 
> > hm, is this one supposed to go on-top of the previous one?
> 
> applied on-top and it works, even with the subdomain behind the outgoing one-way
> trust (subdom31):
> 
> $ ./bin/smbclient -U "subdom31\administrator%Passw0rd" //localhost/share -c quit
> $ ./bin/smbclient -U "subdom11\administrator%Passw0rd" //localhost/share -c quit
> $ bin/wbinfo -i "subdom31\administrator"
> SUBDOM31\administrator:*:2060500:2060513::/home/SUBDOM31/administrator:/bin/false
> $ bin/wbinfo -i "subdom11\administrator"
> SUBDOM11\administrator:*:2120500:2120513::/home/SUBDOM11/administrator:/bin/false

With or without your patches applied?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de



More information about the samba-technical mailing list