[Samba] accessing foreign AD users to NT domain

Piviul piviul at riminilug.it
Thu Aug 27 14:09:50 UTC 2020

Rowland penny via samba wrote on 26/08/20 at 15:49:
> [...] No such user psala [CSATEST] - using guest account
In effect, from the logs I can read:
> [2020/08/26 09:53:02.432488,  5, pid=2553, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
>   Checking NTLMSSP password for CSATEST\psala failed: NT_STATUS_NO_SUCH_USER
> [2020/08/26 09:53:02.432504,  3, pid=2553, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info)
>   No such user psala [CSATEST] - using guest account

but that's OK because the samba server (ZIZI) doesn't know the CSATEST 
domain; it only knows the DOMINIOCSA domain, which is the joined domain... I 
don't know how samba should authenticate the CSATEST (AD domain) users, 
perhaps by mapping AD users to NT users? Is that the problem? From the logs I 
can read[¹] that samba tries to map CSATEST users to ZIZI users, but it should 
map CSATEST users to DOMINIOCSA, shouldn't it?

Anyway, in all the log files I've sent I can't find an authentication attempt 
to DOMINIOCSA\psala, which is the only way to successfully authenticate the 
CSATEST\psala user; that's the problem... and probably the bug that 
caused this change in behaviour.

My best regards


[¹] Mapped domain from [CSATEST] to [ZIZI] for user [psala] from 
workstation [WIN7PRO-V01]
