SAMBA3.5pre2-Does map untrusted to domain work?

Steven Danneman steven.danneman at
Wed Jan 6 17:57:41 MST 2010

Hi Michael,

I don't quite understand the problem you're having.  You're saying that
you set "map untrusted to domain" to yes in your smb.conf, and you're
still unable to login without specifying a domain name?

What you described in your email is the new intended behavior.  If your
client is not joined to the domain, and you want to authenticate to a
member Samba server with a domain user, you must explicitly specify the
domain of that user on the client machine.  This is the
new-matches-Windows behavior.


> -----Original Message-----
> From: samba-technical-bounces at [mailto:samba-technical-
> bounces at] On Behalf Of MICHAEL BROWN
> Sent: Wednesday, January 06, 2010 11:11 AM
> To: samba-technical at
> Subject: SAMBA3.5pre2-Does map untrusted to domain work?
> Greetings,
> I had asked this previously.
> I had read that the "map untrusted to domain" is supposed to revert
> back to the way SAMBA previously authenticated the
> users, if needed per this thread:
> "Previous to my patches, smbd would replace an untrusted domain name,
> or
> a NULL domain name, with the primary domain, and then try to
> authenticate that name against the DC.  This, while not matching
> Windows
> behavior, seems to be the behavior you're expecting and want in your
> setup.  That's why the "map untrusted to domain" parameter exists, to
> allow you to revert to the previous non-Windows behavior."
> Unless I am missing something, this switch does not seem to work in
> that I can't get the user
> authenticated to a SAMBA share unless the domain is also specified
> the username.  The logs show that
> the machine's name is used as the domain name, unless you specify the
> real domain name when authenticating.
> Log with just username:
> Got user=[someuser] domain=[XPMachine] workstation=[XPMachine]
> Log when you specify domain (which is what I need without specifying
> the domain):
> Got user=[someuser] domain=[DomainSambaJoinedTo]
> workstation=[XPMachine]
> The test setup is SAMBA3.5 pre2 joined to a Windows 2008 R2 active
> directory server.  The machine trying
> to access the share is an XP SP3 machine and is NOT joined to the 2008
> R2 AD server.
> Thanks for the help!
> NOTICE - This communication may contain confidential and privileged
> information that is for the sole use of the intended recipient. Any
> viewing, copying or distribution of, or reliance on this message by
> unintended recipients is strictly prohibited.  If you have received
> this message in error, please notify us immediately by replying to the
> message and deleting it from your computer.

More information about the samba-technical mailing list