SAMBA and NT trusted domains.
Andrej Borsenkow
borsenkow.msk at sni.de
Fri Jul 31 14:08:48 GMT 1998
I have here 1.9.18, which authenticates against WinNT 4.0 server. This
server has trusted relationtips with some other domains. Now, suppose,
some user from these trusted domains tries to access SAMBA. How will it
be authorised - as local user in my local domain, or as real user in hos
own NT domain. That is, if I am in NT domain D1, and user foo comes from
domain D2, will it be authenticated as plain "foo" or as "D2\foo"?
The second opens up some security problem - if there is a local user
"bar" (D1\bar), and user "bar" from domain D2 (D2\bar) tries to come in,
it will be authorised by NT server (becaose of trusted relationtip
between D1 and D2). But if SAMBA will now treat him as simple "bar" (and
SAMBA has no way of user mapping based on domain), than user D2\bar will
get all rights of local user bar. Not good ...
thank you in advance
--
============================================================
Andrej Borsenkow Fax: +7 (095) 796 99 20
SNI ITS Moscow Tel: +7 (095) 796 99 24
NERV: borsenkow.msk E-Mail: borsenkow.msk at sni.de
============================================================
More information about the samba
mailing list