[Samba] winbind map untrusted domain problem
schlittae at bluewin.ch
schlittae at bluewin.ch
Sat Nov 5 06:50:19 MDT 2011
Hi
I have a question/problem about winbind and the "map untrusted to domain" (=yes) parameter.
I use samba 3.6.0 on
FreeBSD 8.2 with the following configuration:
[global]
encrypt passwords = yes
map untrusted to domain = yes
allow trusted domains = yes
client ntlmv2 auth = yes
client use spnego = yes
client lanman auth = yes
client
plaintext auth = no
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
winbind use
default domain = yes
restrict anonymous = 2
winbind cache time = 10
restrict anonymous = 2
os level = 0
lanman auth = yes
ntlm auth = yes
domain logons = yes
unix password sync = yes
passwd program =
/usr/bin/passwd %u
preferred master = yes
local master = yes
security = user
domain master = yes
workgroup
= DOMAIN
netbios name = smbsrv01
server string = smbsrv01
Authentication when accessing a SMB share works without
specify a domain from a windows client. (so windows uses client hostname as domain name, I guess samba does map the
"untrusted" hostname domain to its own) But if I use squid for authentication with samba NTLM auth helper plugin, it
does not work if the client does not explicit specify the domain name. I also tried with wbinfo -a
<hostname>\\vailduser and I get "NT_STATUS_NO_SUCH_USER (0xc0000064)". (I guess wbinfo authenticates the same way as
the NTLM auth helper plugin does)
Is there a way to tell samba that it also maps untrusted domains over winbind. If
yes, how?
Thank you
Best regards
Tobias
More information about the samba
mailing list