[Samba] winbind map untrusted domain problem

schlittae at bluewin.ch schlittae at bluewin.ch
Sat Nov 5 06:50:19 MDT 2011


Hi

I have a question/problem about winbind and the "map untrusted to domain" (=yes) parameter.

I use samba 3.6.0 on FreeBSD 8.2 with the following configuration:

[global]
  encrypt passwords = yes
  map untrusted to domain = yes
  allow trusted domains = yes
  client ntlmv2 auth = yes
  client use spnego = yes
  client lanman auth = yes
  client plaintext auth = no
  winbind enum users = yes
  winbind enum groups = yes
  winbind offline logon = yes
  winbind use default domain = yes
  restrict anonymous = 2
  winbind cache time = 10
  restrict anonymous = 2
  os level = 0
  lanman auth = yes
  ntlm auth = yes
  domain logons = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  preferred master = yes
  local master = yes
  security = user
  domain master = yes
  workgroup = DOMAIN
  netbios name = smbsrv01
  server string = smbsrv01

Authentication when accessing an SMB share works without specifying a domain from a Windows client (so Windows uses the client hostname as the domain name; I guess samba maps the "untrusted" hostname domain to its own). But if I use squid for authentication with the samba NTLM auth helper plugin, it does not work if the client does not explicitly specify the domain name. I also tried with wbinfo -a <hostname>\\validuser and I get "NT_STATUS_NO_SUCH_USER (0xc0000064)". (I guess wbinfo authenticates the same way as the NTLM auth helper plugin does.)

Is there a way to tell samba to also map untrusted domains over winbind? If yes, how?

Thank you

Best regards
Tobias


