[Samba] accessing foreign AD users to NT domain
Piviul
piviul at riminilug.it
Thu Aug 27 14:09:50 UTC 2020
Rowland penny via samba ha scritto il 26/08/20 alle 15:49:
> [...] No such user psala [CSATEST] - using guest account
in effect from logs I can read:
> [2020/08/26 09:53:02.432488, 5, pid=2553, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
> Checking NTLMSSP password for CSATEST\psala failed: NT_STATUS_NO_SUCH_USER
> [2020/08/26 09:53:02.432504, 3, pid=2553, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info)
> No such user psala [CSATEST] - using guest account
but that's ok because the samba server (ZIZI) doesn't know the CSATEST
domain he knows only DOMINIOCSA domain that's the joined domain... I
don't know how samba should authenticate the CSATEST (ADdomain) users
perhaps mapping AD users to NT users? That's the problem? From logs I
can read[¹] that samba try to map CSATEST users to ZIZI users but should
map CSATEST users to DOMINIOCA, didn't it?
Any way in all log file I've sent I can't find an authentication attempt
to DOMINIOCSA\psala that's the only way to successfully authenticate the
CSATEST\psala user, that's the problem... and probably the bug that
caused this change in behaviour.
My best regards
Piviul
[¹] Mapped domain from [CSATEST] to [ZIZI] for user [psala] from
workstation [WIN7PRO-V01]
More information about the samba
mailing list