[Samba] Trusted domain users unwantedly mapping onto local domain users

Bruce Richardson itsbruce at workshy.org
Thu Oct 21 15:15:21 MDT 2010

On Thu, Oct 21, 2010 at 05:02:55PM -0400, Gaiseric Vandal wrote:
> I have not tried ssh'ing in as a trusted domain user (I definitely
> don't want that available..)

It's not something I want to make available, but it was an important
test to prove that winbind was creating the correct idmap entries and
that this was making functional POSIX accounts available to the Linux
host.  What I don't understand is why Samba isn't mapping the trusted
domain users onto those accounts.

> Do you have an entry in krb5.conf for the trusted domain?  I think
> that is more of an issue for locating the DC.

I do.

> At some point I changed the forest and domain modes on the Windows
> 2003 DC from mixed to native.  That may have broken something

I'm surprised anything is working for you.  I didn't think trust
relationships between Samba or NT4 and AD would work at all if AD was in
native mode.


If the universe were simple enough to be understood, we would be too
simple to understand it.