Dow, Corey wrote: > > Ntlm_auth --request-nt-key --DOMAIN=XYZ --username=jdoe
This has been mentioned a few times in the archives, I believe without resolution. I'm not certain it works without some level of fiddling - it's been a while and my samba/ntdom/kerb skills are two years rusty, but I can envisage needing to enable permissions. Specifically the ntlm_auth helper executes an MS-RPC against the DC. You'll need to both authenticate to the DC in the other domain *and* have permissions to execute that RPC. You might ask on the Samba mailing list - they'll have more familiarity with the vagaries of the NT domain protocols and trusts. Do please let us know if you do and get an answer. > > But I get an NT_STATUS_IO_TIMEOUT. Interesting. If you wireshark at the same time, what you can Samba doing? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html