I have an issue with being unable to successfully allow any user from trusted domains to connect to an ADS Samba-3.0.24 server (joined via kinit && net ads join).

Our AD (Win2K3 based) domain is "OURDOM", and Samba is a member of it. Access from OURDOM accounts is 100% fine. However (2-way trusted) username "TDOM\user1" cannot connect to an open share on it, and yet "ntlm_auth --username=user1 --domain=TDOM" successfully authenticates!

I have seen this several times before under different Samba releases, and have seen others report it on this list too. Typically the logging shows the smbd connection coming in as "[TDOM]\user1" - but suddenly the domain gets dropped, and "user1" is authenticated - incorrectly - apparently against the OURDOM domain (which will obviously fail).

Can someone explain why ntlm_auth could possibly work (it implies winbind is totally happy?), whereas smbd should return Access Denied?

And yes, "allow trusted domains = Yes" is set.

Thanks!

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1