[Samba] trusted domains - samba user authentification
gft at sandwich.pfizer.com
Wed May 29 01:18:02 GMT 2002
I have a similar setup - multiple domains with trusts, and Samba 2.2.4
instances on Solaris and IRIX joined to a Windows 2000 domain.

There seems to be no way in the username.map file to distinguish between
users on different domains (trusting each other) with the same username.
For example, if I have an entry in the username.map file "fredf =
flintstone_f", then the NT user flintstone_f in any domain trusted by the
domain the samba server is a member of is mapped to the unix user fredf.

The good news seems to be that samba does know about domains.
Authentication errors reported in log.smbd mention a username, password
server _and_ the domain they tried to authenticate against.

Anyone else come across the same issue?
Is this functionality planned for 2.2.x, or is it in 3.x?
> -----Original Message-----
> From: samba-admin at lists.samba.org
> [mailto:samba-admin at lists.samba.org] On Behalf Of Hitzler Ronald
> Sent: 29 May 2002 08:35
> To: 'samba at lists.samba.org'
> Subject: [Samba] trusted domains - samba user authentification
>
> Background: We have a normal NT 4.0 Domain called AIRPORT and a Windows 2000
> Domain (server is in mixed mode) called MAIL. Connected to the AIRPORT
> Domain is a Samba 2.0.6 Server with security = domain. Both domains are
> trusting each other.
>
> I've a little problem understanding the user authentication with the
> MAIL domain. I'll explain it with a little example:
> We have a user called "testuser" on both domains (AIRPORT\testuser and
> MAIL\testuser). If I create a share on the AIRPORT PDC (WINDOWS NT 4.0) for
> the user "testuser", I can access it from AIRPORT. If I log on to MAIL, I'm
> not allowed to access it. If I expand the user rights to MAIL\testuser I can
> access again. So far no problem.
>
> BUT: If I make a samba share (remember: the samba server is using domain
> and it's connected to AIRPORT) for our testuser there is no difference which
> I use for login. If I log on to MAIL I also have access to the Samba Share.
> It looks like samba makes no difference between MAIL\testuser and
>
> Now my questions: Is it right that samba doesn't consider the "Domain-Part"
> of the username if the domains are trusted?
> Is it a missing feature or "should it be as it is"?
> Or am I just too stupid to understand the whole trusted-thing?
>
> Thanks for your help!
> Ronald Hitzler
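
An audit sketch for the behaviour discussed in this thread, added here as an example; it is not part of either post and is not Samba code. Given a list of domain-qualified accounts from the trusting domains (constructed sample data) and a username.map in its simple `unix = nt ...` form, it lists the Unix accounts that more than one DOMAIN\user resolves to when the domain part is ignored. The function names, the first-match rule and the fall-through of unmapped names to a same-named Unix account are assumptions of this sketch.

```python
# Added example: models the domain-blind mapping reported in the thread.
# All account names, domains and map entries below are constructed samples.
from collections import defaultdict


def parse_username_map(text):
    """Parse simple 'unixname = ntname ...' lines into {nt_name: unix_name}.

    Assumption: only plain entries are handled (no @group, '*' or quoted
    names) and the first entry for an NT name wins.
    """
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        unix, sep, nt_names = line.partition("=")
        if not sep:
            continue
        for nt in nt_names.split():
            mapping.setdefault(nt.lower(), unix.strip())
    return mapping


def domain_blind_unix_user(principal, mapping):
    """Resolve DOMAIN\\user the way the thread describes: domain is ignored."""
    _, _, user = principal.rpartition("\\")
    # Assumption: an unmapped name falls through to the same-named Unix user.
    return mapping.get(user.lower(), user.lower())


def find_collisions(principals, mapping):
    """Return {unix_user: [principals]} for Unix accounts shared by 2+ principals."""
    by_unix = defaultdict(set)
    for principal in principals:
        by_unix[domain_blind_unix_user(principal, mapping)].add(principal)
    return {u: sorted(ps) for u, ps in by_unix.items() if len(ps) > 1}


USERNAME_MAP = "# constructed sample map\nfredf = flintstone_f\n"
PRINCIPALS = [
    "AIRPORT\\testuser", "MAIL\\testuser",
    "AIRPORT\\flintstone_f", "MAIL\\flintstone_f",
    "AIRPORT\\onlyhere",
]

if __name__ == "__main__":
    collisions = find_collisions(PRINCIPALS, parse_username_map(USERNAME_MAP))
    for unix_user, who in sorted(collisions.items()):
        print(f"{unix_user}: reachable as {', '.join(who)}")
```

Feeding it an export of account names from each trusted domain shows which shares restricted to a single Unix user are in practice open to a same-named account in another domain.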