[Samba] Authentication to a trusted domain

Carl Benson cbenson at fhcrc.org
Wed Feb 20 14:28:02 GMT 2002

Could someone tell me if what I'm trying to do is possible with
Samba? This authentication across trusted domains problem is
driving me nuts. Please & thanks. 

My Samba server, cachalot: RedHat 7.2, Samba 2.2.3a, Winbind is

Cachalot belongs to the NT domain PHS-SC, which trusts the NT domain

Cachalot is added to the PHS-SC domain as a "workstation or server" 
via the Server Manager app. I can browse "My Network Places" and
find cachalot, and its "homes" share, where my Linux home directory

My client is a PC running W2k Pro, I think SP2. It's on the same
subnet as cachalot.

The user, me, has NT user ID "cbenson" in the FHCRC domain. I also
have user ID "imaginos" in Linux (NIS).

/etc/samba/smbusers contains "imaginos = cbenson".

If I map a network drive and specify user ID "imaginos" and my NIS
password, it connects 100% reliably to the "homes" share. I use it
this way every day.

My goal is to NOT have to specify "imaginos" whenever I want to connect 
to my home directory on cachalot. This is a test case for the entire
division of the company, so it's not just for my convenience.

If I attempt to map a network drive without specifying a user ID,
I always get this in my Samba log:

[2002/02/20 13:52:09, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user cbenson [FHCRC] - using guest account 

I know this is absurd, since of course I have to log in to my PC as
"cbenson" in the FHCRC domain! 

It also fails in the same way if I specify a user ID of "FHCRC\cbenson"
or "FHCRC\cbenson". (But of course I should NOT have to specify any
user ID, since I can map a network drive on an NT server that belongs 
to PHS-SC without doing so! If NT can do it, why not Samba?)

Cachalot's /etc/samba/smb.conf contains:

[global]
   encrypt passwords = yes
   hosts allow = 140.107.
   lm announce = false
   local master = false
   log file = /var/log/samba/log.smb
   debuglevel = 3
   server string = Cachalot Samba Server %h
   smb passwd file = /etc/samba/smbpasswd
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   username = /etc/samba/smbusers
   wins server =,
   security = domain
   workgroup = PHS-SC
   password server = *
   allow trusted domains = yes
   printcap name = /etc/printcap
   load printers = yes
   printing = bsd
   winbind separator = \
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind cache time = 15
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home0/%D/%U
   template shell = /bin/ksh
   winbind use default domain = true

[homes]
   comment = Home Directories
   path = %H
   browseable = yes
   writable = yes
   valid users = cbenson, imaginos

Carl Benson                |  cbenson at fhcrc.org
UNIX System Administrator  |  Telephone: (206) 667-4862
Fred Hutchinson Cancer     |  Fax:       (206) 667-6869
   Research Center         |  Opinions expressed are my own.
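
Added example (not part of the original post): a small parser for the smbd log format quoted above that reports every session setup that was silently mapped to the guest account, grouped by domain and user. The function names and all sample records other than the first are constructed for this example.

```python
import re
from collections import Counter

# Record header as in the post's excerpt: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)\s*$")
# Message text as it appears in the post's excerpt.
GUEST = re.compile(r"^No such user (.+?) \[([^\]]*)\] - using guest account$")

# Constructed sample: the first record is the one quoted in the post,
# the remaining records are made up for this example.
SAMPLE_LOG = """\
[2002/02/20 13:52:09, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user cbenson [FHCRC] - using guest account
[2002/02/20 13:52:10, 3] smbd/example.c:constructed_function(1)
  constructed message that is not a guest fallback
[2002/02/20 13:55:41, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user cbenson [FHCRC] - using guest account
[2002/02/20 14:01:17, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user jdoe [FHCRC] - using guest account
"""

def parse_records(text):
    """Group each header line with its indented continuation lines."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"ts": m.group(1), "level": int(m.group(2)),
                       "func": m.group(4), "msg": []}
            records.append(current)
        elif current is not None and line[:1] in (" ", "\t"):
            current["msg"].append(line.strip())
    return records

def guest_fallbacks(text):
    """Return (timestamp, domain, user) for each session mapped to guest."""
    hits = []
    for rec in parse_records(text):
        for msg in rec["msg"]:
            m = GUEST.match(msg)
            if m:
                hits.append((rec["ts"], m.group(2), m.group(1)))
    return hits

def fallback_counts(text):
    """Count guest fallbacks per DOMAIN\\user so repeated failures stand out."""
    return Counter(f"{dom}\\{user}" for _, dom, user in guest_fallbacks(text))

if __name__ == "__main__":
    for who, n in fallback_counts(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {who}")
```

The message only appears at the log level used in the post (debuglevel = 3), so a server logging at a lower level will show no hits even when the fallback occurs.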
