[Samba] samba authentication fails with trusted domain

Peter fomember at freenet.de
Fri May 28 02:00:37 MDT 2010

We are using samba with domain authentication against a windows AD.
The account domain is AA.
All our hosts (windows and samba systems) and a few generic user accounts
are in a domain TT which trust the accounts from AA.
In Short our smbd.conf has:
 . . .
 security = domain
 workgroup = TT
 . . .
Normally a user logs on with the user account from AA as AA\userID.
We use users.map to map UXlogon = AA\userID

With Redhat EL5, Ubuntu Karmic (and also Lucid) these users have no problem
to access shares.
The samba daemon properly authenticates against the domain controller and
allows access to the local share UXlogon without any login dialog.
Things are different though if a user is logged in as TT\userID and tries to
access a samba share.
With Redhat things work like before.
With Ubuntu though I do not see any authentication dialog with the domain
controller and smbd tries to find the user in smbpasswd which of course is
not there.
Thus the user is denied to access.
I do not understand why there is no request to the domain controller.
As a workaround I issued smbpasswd -a TTuserID and the user from TT can now
also access the share as expected.
Although this has solved the problem for me I still regard it as a bug. If
security = domain is used the correct behaviour should be to authenticate
all requests against the domain controller .
Because Redhat does it correctly I think that there was something wrong in
Unfortunately there is no Ubuntu forum for samba, launchpad bug tracking
just points to the samba team.
I hope that someone here can shine a light on this problem and it does not
become a game of back and forth between samba and ubuntu guys.

More information about the samba mailing list