[Samba] using Windows DC in security = server mode
- Date: Mon, 14 Apr 2008 19:16:28 +0100
- From: "Gordon Lack" <gml4410@xxxxxxx>
- Subject: [Samba] using Windows DC in security = server mode
We run Samba, but wish to authenticate against Windows DC. We do this using the "security = server" mode. We don't have the option of being part of the Windows setup directly. Although authentication is done against Windows DC (so users are not prompted for passwords) users do need a Unix account to use the service.
We have users in multiple Windows domains, and the DCs we point them at all trust the other domains (they exist for a variety of reason related to mergers and historic, trans-Atlantic boundaries).
On an (old) 2.2.x version of Samba this works - users from multiple domains can be validated on the same server just by pointing at a single Windows DC.
With 3.0.28a (and earlier 3.0.x versions) this no longer works. Only users in the default domain of the DC are validated.
A few lines of debug code show that what is happening now is that the domain put into the user_info structure, and hence what is seen by check_smbserver_security (in auth_server.c) is the name of the local workgroup.
I need this to be the domain as supplied by the caller.Can someone explain the reason behind the change, and what I can do to get the (correct) user-supplied domain to be used when authenticated against a Windows DC in "security = server" mode.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
- Follow-Ups:
- Re: [Samba] using Windows DC in security = server mode
- From: Jeremy Allison
- Re: [Samba] using Windows DC in security = server mode
- Prev by Date: [Samba] chdir (/root/tmp) failed - but why is it trying?
- Next by Date: Re: [Samba] Samba / Vista Problem
- Previous by thread: [Samba] chdir (/root/tmp) failed - but why is it trying?
- Next by thread: Re: [Samba] using Windows DC in security = server mode
- Index(es):