Re: allow trusted domains

simo wrote:
[dd]

> > > > My question: if BERYLIUM trusts ANOTHERDOMAIN, and
> > > > ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server,
> > > > what user will be looked up in /etc/passwd?
> > > 
> > > It should be:
> > > ANOTHERDOMAIN\WambatW
> > 
> > A Unix user with a slash in the login name? Sorry I doubt that because
> > I have a script in smb.conf:
> > 
> > add user script = /usr/sbin/pw useradd %u -m -Y -M 755
> > 
> > and the script's log shows that those users from trusted domains are
> > being created as "WambatW", not "ANOTHERDOMAIN\WambatW". 
> > 
> > How/where can I see/debug the actual mapping happening?
> 
> When using trusted domains you should run winbindd, relying on add user
> script is basically not supported/tested for trusted domain.

This is very sad news. My add user script creates users in the NIS
database which is made available to several Unix hosts. This is a very
reliable technology: once a user is created, it remains rock solid. I
feel very reluctant for the Unix user ids to depend upon some obscure
IDMAP databases prone to corruption, and the availability of Windows
domain controllers.

Is there a way to map all trusted domain users to the guest account?

So that they have access rights to public shares equal to those of
nonexistent users?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@xxxxxxxxxxxxxxxx