[Samba] Re: Trusted domain user login

Thorkil Olesen thorkil at pip.dknet.dk
Wed Jan 30 22:26:00 GMT 2008

Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:

> > Maybe you should try:
> >
> > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
> This was my first try and it says exactly the same.

Well, that should work.

> We have the very same users groups and passwords in the
> NT Domain and in the 
> samba Domain, our samba domain uses ldap for storage.

It doesn't make sense to have same users in both domains.
>From samba's point of view users in different domains are
not the same even though they have same username and
password. They will still have different SIDs.

> Here is our nsswitch.conf

> passwd: files ldap
> group:  files ldap
> passwd_compat:  ldap winbind
> group_compat:   ldap winbind

Why do you put winbind at 'passwd_compat' instead of 'passwd'?

> getent returns the ldap users, groups and paswwords, should
> getent also return 
> the NT domain users when they are the same?

If you use 'DOMAIN\user' it should, eg.

getent passwd NTDOMAIN\\clorenzo

I don't think however that nsswitch is used by wbinfo -a so this
may not be your real problem.

I had a similar problem that i solved by changing to kerberos,
but with NT this is not possible.
I don't think I can help with this.

Thorkil Olesen, Denmark.

More information about the samba mailing list