[Samba] allow trusted domains
Victor Sudakov
vas at mpeks.tomsk.su
Sun Feb 26 06:09:16 MST 2012
There is a samba compiled without winbind support, with the following
options configured:
workgroup = MYDOMAIN
security = domain
allow trusted domains = yes
add user script = /usr/sbin/pw useradd %u -m -Y -M 755
When a Windows user MYDOMAIN\john connects to the samba server, he is
mapped to the Unix user john. If there is no Unix user "john", it is
created by the add user script.
How will the users OTHERDOMAIN\otheruser and especially
OTHERDOMAIN\join be mapped/created?
If OTHERDOMAIN\join is mapped to the same Unix user as MYDOMAIN\join,
it's a big security hole.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the samba
mailing list