[Samba] wbinfo -a works against other domains, but can't use other dom creds for a share
desmith at wustl.edu
Tue Apr 24 09:50:21 MDT 2012
> I've successfully joined my Samba server to a Windows domain (let's call it DOMAIN1). When I run wbinfo -m , I see a number of other domains listed, including DOMAIN2. I can even test credentials in those other domains (wbinfo -a DOMAIN2\\username says that both plaintext and challenge/response authentication were successful).
Following up to myself here: I'm starting to run short on ideas.
If I add "allow trusted domains = yes" to my smb.conf, the Samba server tries to map logins to its own hostname:
[2012/04/24 10:43:12.167648, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[username] domain=[domain2] workstation=[IS-M001] len1=24 len2=290
[2012/04/24 10:43:12.168080, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [domain2]\[username]@[IS-M001] with the new password interface
[2012/04/24 10:43:12.168101, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [ISTWPTEST2]\[username]@[IS-M001]
(In the above "ISTWPTEST2" is the NetBIOS name of the server, as configured in smb.conf; IS-M001 is my desktop, from which I'm trying to connect.
There also was a promising "map untrusted to domain" option, but it maps everything to the domain of which this server is a member (DOMAIN1 in my example), not the domain provided by the user.
Anything? I'm getting a bit flustered by this.
More information about the samba