Patch: convenience feature for non-domain clients

Andrew Bartlett abartlet at
Wed Oct 9 21:22:00 GMT 2002

Gerald Carter wrote:
> On Wed, 9 Oct 2002, Jon. Hallett wrote:
> > The background to this is that our Samba servers use "security = domain"
> > authentication for user accounts, but not all our Windows clients are
> > members of the domain, with the result that the clients often want to map
> > shares using non-domain "clientname\user" style accounts.
> >
> > The patch implements an "ignore client domain" option which forces Samba to
> > use the server's own domain when authenticating users, ignoring the domain
> > part of the username provided by the client.
> Just to throw my hat in the ring here, i'm not sure i like this for the
> reason that if a user sends DOMAIN\user i think we should assume that's
> what they really meant.  Interesting though, if I run
>         net use * \\server\jerry /user:jerry
> from a WinXP home box, i though the domain used was the local
> machine.  So it seems like this patch is unnecessary in user mode.
> Is that true?  Is it only applicable in domain mode?
> So a user say i am MACHINE\user and we try to authenticate then
> as DOMAIN\user against the PDC whcih could be someone they didn't
> mean?  It just seems like too many people behind the curtain.
> I would voite better user education (lot of good that will do me).

In HEAD and 3.0 the auth subsystem uses the value of 'allow trusted
domains' to determine if it should change the client-supplied domain. 
If that smb.conf value is false, the domain is replaced with the local

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list