[Samba] wbinfo -a works against other domains, but can't use other dom creds for a share

Smith, David desmith at wustl.edu
Tue Apr 24 09:50:21 MDT 2012

> I've successfully joined my Samba server to a Windows domain (let's call it DOMAIN1). When I run wbinfo -m , I see a number of other domains listed, including DOMAIN2. I can even test credentials in those other domains (wbinfo -a DOMAIN2\\username says that both plaintext and challenge/response authentication were successful).

Following up to myself here: I'm starting to run short on ideas.

If I add "allow trusted domains = yes" to my smb.conf, the Samba server tries to map logins to its own hostname:

[2012/04/24 10:43:12.167648,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[username] domain=[domain2] workstation=[IS-M001] len1=24 len2=290
[2012/04/24 10:43:12.168080,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [domain2]\[username]@[IS-M001] with the new password interface
[2012/04/24 10:43:12.168101,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [ISTWPTEST2]\[username]@[IS-M001]

(In the above "ISTWPTEST2" is the NetBIOS name of the server, as configured in smb.conf; IS-M001 is my desktop, from which I'm trying to connect.

There also was a promising "map untrusted to domain" option, but it maps everything to the domain of which this server is a member (DOMAIN1 in my example), not the domain provided by the user.

Anything? I'm getting a bit flustered by this.

David Smith

More information about the samba mailing list