`allow trusted domains = no` and `Unix Users`
Rowland Penny
rpenny at samba.org
Mon Sep 4 09:38:11 UTC 2023
On Mon, 04 Sep 2023 11:07:10 +0200
Andreas Schneider via samba-technical <samba-technical at lists.samba.org>
wrote:
> Hello,
>
> I have a user who set `allow trusted domains = no` in his smb.conf.
> He also set `force user = localuser` on a share. However he is not
> able to connect to the local share:
>
> [2023/07/27 12:31:43.434346, 3, pid=1019460, effective(0, 0),
> real(0, 0)] ../../source3/lib/util_names.c:84(is_allowed_domain)
> is_allowed_domain: Not trusted domain 'UNIX USER'
> [2023/07/27 12:31:43.434350, 3, pid=1019460, effective(0, 0),
> real(0, 0),
> class=auth] ../../source3/auth/auth_util.c:492(create_local_token)
> create_local_token: Authentication failed for user [cortexuser] from
> firewalled domain [UNIX USER]
>
> The change was introduced by df5fe2d835169161d3930acf1e9c750dd2bc64b6
>
> Is it by intention that local unix users fall into the "trusted
> domain" category or is this a bug?
>
>
> Best regards
>
>
> Andreas
>
>
>
Stop me if I am wrong, but doesn't 'allow trusted domains = no' mean
that you only trust the domain that the computer is part of, so local
users will not be part of that domain.
Also, as I understand it, if you are trying to connect to the share as
a local user that the domain knows nothing about, you will be denied access,
but if you connect to the share as a known user and 'force user = localuser'
is in the share, then everything would end up belonging to 'localuser'
Rowland
More information about the samba-technical
mailing list