[Samba] Re: Trusted domain user login

Carlos Lorenzo Matés clmates at mundo-r.com
Wed Jan 30 23:18:51 GMT 2008


Hi.

El Miércoles, 30 de Enero de 2008, Thorkil Olesen escribió:
> Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:
> > > Maybe you should try:
> > >
> > > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
> >
> > This was my first try and it says exactly the same.
>
> Well, that should work.
>
> > We have the very same users groups and passwords in the
> > NT Domain and in the
> > samba Domain, our samba domain uses ldap for storage.
>
> It doesn't make sense to have same users in both domains.
>

We make this because we are migrating the NT domain to a samba domain and this 
was the best option to make this transparent for users

> >From samba's point of view users in different domains are
>
> not the same even though they have same username and
> password. They will still have different SIDs.
>
> > Here is our nsswitch.conf
>
> (...)
>
> > passwd: files ldap
> > group:  files ldap
>
> (...)
>
> > passwd_compat:  ldap winbind
> > group_compat:   ldap winbind
>
> (...)
>
> Why do you put winbind at 'passwd_compat' instead of 'passwd'?
>

I don't know I'm going to revise this, thanks


> > getent returns the ldap users, groups and paswwords, should
> > getent also return
> > the NT domain users when they are the same?
>
> If you use 'DOMAIN\user' it should, eg.
>
> getent passwd NTDOMAIN\\clorenzo
>
> I don't think however that nsswitch is used by wbinfo -a so this
> may not be your real problem.
>
> I had a similar problem that i solved by changing to kerberos,
> but with NT this is not possible.
> I don't think I can help with this.
>


Ok, im going to play with nsswitch to see if this changes something, also will 
make another try with getent with the NTDOMAIN as you said.

Thanks again


-- 
Un saludo.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba/attachments/20080131/4e463567/attachment.bin


More information about the samba mailing list