[Samba] On way trust issue
Ephi.Dror at datadomain.com
Fri Sep 5 01:17:51 GMT 2008
Pam based authentication is failing for trusted domain users when the trust was set to one way.
There is no problem for shares access.
1. I have domain DOM-A and domain DOM-B.
2. I setup trust between DOM-A and DOM- in such a way that DOM-A is trusting DOM-B BUT DOM-B is NOT trusting DOM-A.
3. I joined my_samba server to DOM-A.
# wbinfo -m
# wbinfo --sequence
DOM-B : DISCONNECTED
BUILTIN : 1220487886
MY_SAMBA : 1220487886
DOM-A : 23598
I have no problem connecting to shares using dom-a or dom-b users and it works as Swiss Watch.
Ssh "dom-a\\user"@my_samba works (my_samba joined domain-a)
Ssh "dom-b\\user"@my_samba ***** DOES NOT does work *****
I see call to winbindd_pam_auth in the log but nothing after.
Also, issuing "id" for trusted domain user comes up like this:
# id "dom-b\\administrator"
uid=5000000(DOM-B\) gid=0(root) groups=0(root)
1. If I set two ways trust it works as a Swiss Watch 2. In one way trust, smbd is using ntlm and successfully authenticate the trusted domain user but pam based application failing as I described above.
I would really appreciate any hint.
More information about the samba