SAMBA3.5pre2-Does map untrusted to domain work?

Steven Danneman steven.danneman at isilon.com
Wed Jan 6 19:36:05 MST 2010


Hi Michael, 

I came across your other email.  I'll try to test whether "map untrusted
to domain" turned on is not giving the expected behavior in 3.5.0.  I'm
having some problems with my build environment at the moment, so I'll
probably get to it tomorrow.

-Steven

> -----Original Message-----
> From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of MICHAEL BROWN
> Sent: Wednesday, January 06, 2010 11:11 AM
> To: samba-technical at lists.samba.org
> Subject: SAMBA3.5pre2-Does map untrusted to domain work?
> 
> Greetings,
> I had asked this previously.
> I had read that the "map untrusted to domain" is supposed to revert
> back to the way SAMBA previously authenticated the users, if needed
> per this thread:
> http://lists.samba.org/archive/samba-technical/2010-January/068635.html
> 
> "Previous to my patches, smbd would replace an untrusted domain name,
> or a NULL domain name, with the primary domain, and then try to
> authenticate that name against the DC.  This, while not matching
> Windows behavior, seems to be the behavior you're expecting and want
> in your setup.  That's why the "map untrusted to domain" parameter
> exists, to allow you to revert to the previous non-Windows behavior."
> 
> 
> Unless I am missing something, this switch does not seem to work in
> that I can't get the user authenticated to a SAMBA share unless the
> domain is also specified with the username.  The logs show that the
> machine's name is used as the domain name, unless you specify the
> real domain name when authenticating.
> 
> Log with just username:
> Got user=[someuser] domain=[XPMachine] workstation=[XPMachine]
> 
> Log when you specify domain (which is what I need without specifying
> the domain):
> Got user=[someuser] domain=[DomainSambaJoinedTo] workstation=[XPMachine]
> 
> The test setup is SAMBA3.5 pre2 joined to a Windows 2008 R2 active
> directory server.  The machine trying to access the share is an XP SP3
> machine and is NOT joined to the 2008 R2 AD server.
> 
> Thanks for the help!


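The following is an added example, not part of the original messages and not Samba code. It parses smbd log lines in the `Got user=[...] domain=[...] workstation=[...]` form quoted in the thread and lists the logons where the client sent its own machine name or an empty domain, which is the case the thread expects "map untrusted to domain" to handle. The function names are hypothetical, and the sample log is constructed from the two lines in the thread plus one constructed empty-domain line.

```python
import re

# Field layout taken from the log lines quoted in the thread. \s+ between
# fields lets a record that was wrapped onto two lines match once joined.
AUTH_RE = re.compile(
    r"Got user=\[(?P<user>[^\]]*)\]\s+"
    r"domain=\[(?P<domain>[^\]]*)\]\s+"
    r"workstation=\[(?P<workstation>[^\]]*)\]"
)

def classify(domain, workstation, primary_domain):
    """Label the domain string the client supplied at session setup."""
    if domain == "":
        return "empty"
    if domain.lower() == workstation.lower():
        return "client-machine-name"
    if domain.lower() == primary_domain.lower():
        return "primary-domain"
    return "other"

def scan(log_text, primary_domain):
    """Return (user, domain, workstation, label) for every auth record."""
    joined = " ".join(log_text.split())  # undo line wrapping
    return [
        (m["user"], m["domain"], m["workstation"],
         classify(m["domain"], m["workstation"], primary_domain))
        for m in AUTH_RE.finditer(joined)
    ]

def unqualified_logons(records):
    """(user, workstation) pairs that did not name a real domain."""
    return [(u, w) for u, d, w, label in records
            if label in ("empty", "client-machine-name")]

# Constructed sample: the thread's two lines (second one wrapped as in the
# mail) plus a constructed empty-domain record.
SAMPLE_LOG = """\
Got user=[someuser] domain=[XPMachine] workstation=[XPMachine]
Got user=[someuser] domain=[DomainSambaJoinedTo]
workstation=[XPMachine]
Got user=[otheruser] domain=[] workstation=[XPMachine]
"""

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG, "DomainSambaJoinedTo"):
        print(rec)
```
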