[Samba] winbind map untrusted domain problem
David Roid
dataroid at gmail.com
Sat Nov 5 07:41:51 MDT 2011
I don't think your configuration is right, "map untrusted domain", "allow
trusted domains" are not supposed to work with "security = user".
2011/11/5 schlittae at bluewin.ch <schlittae at bluewin.ch>
> Hi
>
> I have a question/problem about winbind and the "map untrusted to domain"
> (=yes) parameter.
>
> I use samba 3.6.0 on
> FreeBSD 8.2 with the following configuration:
> [global]
> encrypt passwords = yes
> map untrusted to domain = yes
>
> allow trusted domains = yes
> client ntlmv2 auth = yes
> client use spnego = yes
> client lanman auth = yes
> client
> plaintext auth = no
> winbind enum users = yes
> winbind enum groups = yes
> winbind offline logon = yes
> winbind use
> default domain = yes
> restrict anonymous = 2
> winbind cache time = 10
> restrict anonymous = 2
> os level = 0
>
> lanman auth = yes
> ntlm auth = yes
>
> domain logons = yes
> unix password sync = yes
> passwd program =
> /usr/bin/passwd %u
>
> preferred master = yes
>
> local master = yes
> security = user
> domain master = yes
>
> workgroup
> = DOMAIN
>
> netbios name = smbsrv01
> server string = smbsrv01
>
> Authentication when accessing a SMB share works without
> specify a domain from a windows client. (so windows uses client hostname
> as domain name, I guess samba does map the
> "untrusted" hostname domain to its own) But if I use squid for
> authentication with samba NTLM auth helper plugin, it
> does not work if the client does not explicit specify the domain name. I
> also tried with wbinfo -a
> <hostname>\\vailduser and I get "NT_STATUS_NO_SUCH_USER (0xc0000064)". (I
> guess wbinfo authenticates the same way as
> the NTLM auth helper plugin does)
>
> Is there a way to tell samba that it also maps untrusted domains over
> winbind. If
> yes, how?
>
> Thank you
>
> Best regards
> Tobias
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list