[Samba] On way trust issue

Ephi Dror Ephi.Dror at datadomain.com
Fri Sep 5 01:17:51 GMT 2008


Pam based authentication is failing for trusted domain users when the trust was set to one way.

There is no problem for shares access.

1. I have domain DOM-A and domain DOM-B.
2. I setup trust between DOM-A and DOM- in such a way that DOM-A is trusting DOM-B BUT DOM-B is NOT trusting DOM-A.
3. I joined my_samba server to DOM-A.

# wbinfo -m

# wbinfo --sequence
BUILTIN : 1220487886
MY_SAMBA : 1220487886
DOM-A : 23598

I have no problem connecting to shares using dom-a or dom-b users and it works as Swiss Watch.


Ssh "dom-a\\user"@my_samba  works  (my_samba joined domain-a)

Ssh "dom-b\\user"@my_samba  *****   DOES NOT does work *****

I see call to winbindd_pam_auth in the log but nothing after.

Also, issuing "id" for trusted domain user comes up like this:

# id "dom-b\\administrator"
uid=5000000(DOM-B\) gid=0(root) groups=0(root)

Any idea?

To conclude:
1. If I set two ways trust it works as a Swiss Watch 2. In one way trust, smbd is using ntlm and successfully authenticate the trusted domain user but pam based application failing as I described above.

I would really appreciate any hint.


More information about the samba mailing list