Hello, Pam based authentication is failing for trusted domain users when the trust was set to one way.
There is no problem for shares access. Details: ========= 1. I have domain DOM-A and domain DOM-B. 2. I setup trust between DOM-A and DOM- in such a way that DOM-A is trusting DOM-B BUT DOM-B is NOT trusting DOM-A. 3. I joined my_samba server to DOM-A. # wbinfo -m DOM-A DOM-B # wbinfo --sequence DOM-B : DISCONNECTED BUILTIN : 1220487886 MY_SAMBA : 1220487886 DOM-A : 23598 Now: ==== I have no problem connecting to shares using dom-a or dom-b users and it works as Swiss Watch. However: ========== Ssh "dom-a\\user"@my_samba works (my_samba joined domain-a) Ssh "dom-b\\user"@my_samba ***** DOES NOT does work ***** I see call to winbindd_pam_auth in the log but nothing after. Also, issuing "id" for trusted domain user comes up like this: # id "dom-b\\administrator" uid=5000000(DOM-B\) gid=0(root) groups=0(root) Any idea? To conclude: ============ 1. If I set two ways trust it works as a Swiss Watch 2. In one way trust, smbd is using ntlm and successfully authenticate the trusted domain user but pam based application failing as I described above. I would really appreciate any hint. Cheers, Ephi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba