[Samba] trusted domains - samba user authentification

Hitzler Ronald r.hitzler at flughafen-linz.at
Wed May 29 00:39:03 GMT 2002


Background: We have a normal NT 4.0 Domain called AIRPORT and a Windows 2000
Domain (server is in mixed mode) called MAIL. Connected to the AIRPORT
Domain is a Samba 2.0.6 Server with security = domain. Both domains are
trusting each other.

I've a little problem understanding the user authentification with the
MAIL domain. I'll it explain with a little example:

We have a user called "testuser" on both domains (AIRPORT\testuser and
MAIL\testuser). If I create a share on the AIRPORT PDC (WINDOWS NT 4.0) for
the user "testuser", I can access it from AIRPORT. If I logon to MAIL, I'm
not allowed to access it. If I expnad the user rights to MAIL\testuser I can
access again. So far no problem.

BUT: If I make a samba share (rember: the samba server is using domain
and it's connected to AIRPORT) for our testuser there is no difference which
I use for login. If I logon to MAIL I also have access to the Samba Share.

It looks like samba makes no difference between MAIL\testuser and

Now my questions: Is it right, that samba doesn't consider the "Domain-Part"
of the username if the domains are trusted?
Is it a missing feature or "should it be as it is"?
Or I am just too stupid to understand the whole trusted-thing?

Thanks for your help!

Ronald Hitzler

More information about the samba mailing list