Hello,

PAM-based authentication is failing for trusted domain users when the trust was set to one way. There is no problem with share access.

Details:
========
1. I have domain DOM-A and domain DOM-B.
2. I set up trust between DOM-A and DOM- in such a way that DOM-A is trusting DOM-B BUT DOM-B is NOT trusting DOM-A.
3. I joined my_samba server to DOM-A.

# wbinfo -m
DOM-A
DOM-B

# wbinfo --sequence
DOM-B : DISCONNECTED
BUILTIN : 1220487886
MY_SAMBA : 1220487886
DOM-A : 23598

Now:
===
I have no problem connecting to shares using dom-a or dom-b users and it works as a Swiss watch.

However:
=========
ssh "dom-a\\user"@my_samba works (my_samba joined domain-a)
ssh "dom-b\\user"@my_samba ***** DOES NOT work *****

I see a call to winbindd_pam_auth in the log but nothing after.

Also, issuing "id" for a trusted domain user comes up like this:

# id "dom-b\\administrator"
uid=5000000(DOM-B\) gid=0(root) groups=0(root)

Any idea?

To conclude:
===========
1. If I set a two-way trust it works as a Swiss watch.
2. In a one-way trust, smbd is using NTLM and successfully authenticates the trusted domain user, but PAM-based applications are failing as I described above.

I would really appreciate any hint.

Cheers,
Ephi

Ephi Dror wrote:
> Hello,
>
> Pam based authentication is failing for trusted
> domain users when the trust was set to one way.

One way trust support for Winbind was introduced in Samba 3.2.0.

What version are you running?

cheers, jerry
--
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian

Hi Jerry,

I used 3.0.25 and 3.0.31.

I will look into this again as soon as we move on to 3.2.

Cheers,
Ephi

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry@samba.org]
Sent: Friday, September 05, 2008 7:07 AM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba] On way trust issue

Ephi Dror wrote:
> Hello,
>
> Pam based authentication is failing for trusted
> domain users when the trust was set to one way.

One way trust support for Winbind was introduced in Samba 3.2.0.

What version are you running?

cheers, jerry
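
An added example, not part of any message in this thread: a small shell check for the two symptoms visible in the quoted output, a trusted domain that `wbinfo --sequence` reports as DISCONNECTED and an `id` result whose account name is empty after the domain prefix while the primary group is 0. The function names and result labels are hypothetical, and the sample input is constructed from the output quoted above.

```shell
#!/bin/sh
# Constructed sample input, modelled on the output quoted in the thread.
SAMPLE_SEQUENCE='DOM-B : DISCONNECTED
BUILTIN : 1220487886
MY_SAMBA : 1220487886
DOM-A : 23598'
SAMPLE_ID='uid=5000000(DOM-B\) gid=0(root) groups=0(root)'

# Print every domain that winbindd lists as DISCONNECTED.
# $1: text in the format printed by `wbinfo --sequence`.
disconnected_domains() {
    printf '%s\n' "$1" | awk -F' *: *' '$2 == "DISCONNECTED" { print $1 }'
}

# Inspect one line of `id` output for a domain account.
# Prints one finding per line, or nothing when the mapping looks sane.
check_id_mapping() {
    line=$1
    # Account name inside the parentheses that follow uid=<number>.
    name=$(printf '%s\n' "$line" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p')
    # Numeric primary group.
    gid=$(printf '%s\n' "$line" | sed -n 's/.* gid=\([0-9]*\).*/\1/p')
    case $name in
        # Empty name, or a domain prefix with nothing after the backslash.
        ''|*\\) echo "incomplete-name" ;;
    esac
    if [ "$gid" = "0" ]; then
        # A domain user should not end up in the local root group.
        echo "primary-group-root"
    fi
    return 0
}

# Demonstration on the constructed samples. On a live host, feed the
# functions "$(wbinfo --sequence)" and "$(id 'DOMAIN\user')" instead.
echo "Disconnected domains:"
disconnected_domains "$SAMPLE_SEQUENCE"
echo "Findings for sample id output:"
check_id_mapping "$SAMPLE_ID"
```

Any finding from `check_id_mapping` for a trusted-domain account is a reason to deny interactive logins for that domain until winbind resolves its users correctly.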