samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] samba authentication fails with trusted dom

[Samba] samba authentication fails with trusted domain

From: Peter <fomember_at_nospam>
Date: Fri May 28 2010 - 08:00:37 GMT
To: <>

We are using samba with domain authentication against a windows AD.
The account domain is AA.
All our hosts (windows and samba systems) and a few generic user accounts
are in a domain TT which trust the accounts from AA.
In Short our smbd.conf has:
 . . .
 security = domain
 workgroup = TT
 . . .
Normally a user logs on with the user account from AA as AA\userID.
We use to map UXlogon = AA\userID

With Redhat EL5, Ubuntu Karmic (and also Lucid) these users have no problem
to access shares.
The samba daemon properly authenticates against the domain controller and
allows access to the local share UXlogon without any login dialog.
Things are different though if a user is logged in as TT\userID and tries to
access a samba share.
With Redhat things work like before.
With Ubuntu though I do not see any authentication dialog with the domain
controller and smbd tries to find the user in smbpasswd which of course is
not there.
Thus the user is denied to access.
I do not understand why there is no request to the domain controller.
As a workaround I issued smbpasswd -a TTuserID and the user from TT can now
also access the share as expected.
Although this has solved the problem for me I still regard it as a bug. If
security = domain is used the correct behaviour should be to authenticate
all requests against the domain controller .
Because Redhat does it correctly I think that there was something wrong in
Unfortunately there is no Ubuntu forum for samba, launchpad bug tracking
just points to the samba team.
I hope that someone here can shine a light on this problem and it does not
become a game of back and forth between samba and ubuntu guys.

-- To unsubscribe from this list go to the following URL and read the instructions: