simo wrote: [dd] > > > > My question: if BERYLIUM trusts ANOTHERDOMAIN, and > > > > ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server, > > > > what user will be looked up in /etc/passwd? > > > > > > It should be: > > > ANOTHERDOMAIN\WambatW > > > > A Unix user with a slash in the login name? Sorry I doubt that because > > I have a script in smb.conf: > > > > add user script = /usr/sbin/pw useradd %u -m -Y -M 755 > > > > and the script's log shows that those users from trusted domains are > > being created as "WambatW", not "ANOTHERDOMAIN\WambatW". > > > > How/where can I see/debug the actual mapping happening? > > When using trusted domains you should run winbindd, relying on add user > script is basically not supported/tested for trusted domain. This is very sad news. My add user script creates users in the NIS database which is made available to several Unix hosts. This is a very reliable technology: once a user is created, it remains rock solid. I feel very reluctant for the Unix user ids to depend upon some obscure IDMAP databases prone to corruption, and the availability of Windows domain controllers. Is there a way to map all trusted domain users to the guest account? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@xxxxxxxxxxxxxxxx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba