[Samba] Re: Trusted domain user login
Carlos Lorenzo Matés
clmates at mundo-r.com
Wed Jan 30 23:18:51 GMT 2008
Hi.
El Miércoles, 30 de Enero de 2008, Thorkil Olesen escribió:
> Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:
> > > Maybe you should try:
> > >
> > > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
> >
> > This was my first try and it says exactly the same.
>
> Well, that should work.
>
> > We have the very same users groups and passwords in the
> > NT Domain and in the
> > samba Domain, our samba domain uses ldap for storage.
>
> It doesn't make sense to have same users in both domains.
>
We make this because we are migrating the NT domain to a samba domain and this
was the best option to make this transparent for users
> >From samba's point of view users in different domains are
>
> not the same even though they have same username and
> password. They will still have different SIDs.
>
> > Here is our nsswitch.conf
>
> (...)
>
> > passwd: files ldap
> > group: files ldap
>
> (...)
>
> > passwd_compat: ldap winbind
> > group_compat: ldap winbind
>
> (...)
>
> Why do you put winbind at 'passwd_compat' instead of 'passwd'?
>
I don't know I'm going to revise this, thanks
> > getent returns the ldap users, groups and paswwords, should
> > getent also return
> > the NT domain users when they are the same?
>
> If you use 'DOMAIN\user' it should, eg.
>
> getent passwd NTDOMAIN\\clorenzo
>
> I don't think however that nsswitch is used by wbinfo -a so this
> may not be your real problem.
>
> I had a similar problem that i solved by changing to kerberos,
> but with NT this is not possible.
> I don't think I can help with this.
>
Ok, im going to play with nsswitch to see if this changes something, also will
make another try with getent with the NTDOMAIN as you said.
Thanks again
--
Un saludo.
Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba/attachments/20080131/4e463567/attachment.bin
More information about the samba
mailing list