[Samba] allow trusted domains

Victor Sudakov vas at mpeks.tomsk.su
Sun Feb 26 06:09:16 MST 2012

There is a samba compiled without winbind support, with the following
options configured:

workgroup = MYDOMAIN
security = domain
allow trusted domains = yes
add user script = /usr/sbin/pw useradd %u -m -Y -M 755

When a Windows user MYDOMAIN\john connects to the samba server, he is
mapped to the Unix user john. If there is no Unix user "john", it is
created by the add user script.

How will the users OTHERDOMAIN\otheruser and especially
OTHERDOMAIN\join be mapped/created? 

If OTHERDOMAIN\join is mapped to the same Unix user as MYDOMAIN\join,
it's a big security hole.

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

More information about the samba mailing list