SAMBA3.5pre2-Does map untrusted to domain work?

Steven Danneman steven.danneman at isilon.com
Thu Jan 7 11:28:15 MST 2010


> I have a question on this, if you don't mind.  If this matches the
> Windows behavior, how is it that an XP machine that is not joined to AD
> can map a network share, browse that AD server machine, etc., without
> having to also specify the domain with the user.  Meaning, the Windows
> 2008 R2 AD machine will recognize me (being in AD) when I do a "search",
> or "net use", etc., to a share on the 2008 machine.  Again, that XP
> machine is not joined to the 2008 AD environment but will authenticate
> without the domain name.

Hey Michael,

This is because a Windows server, when it receives an unqualified user,
will treat it as a local user and do the user lookup and password check
against its local Security Account Manager (SAM).

A domain member server has its own SAM that is separate from the
Domain.  A domain controller does not have a separate SAM.  A domain
controller's directory replaces its local SAM when it is promoted to a
DC.

Try connecting to an SMB share on a Windows machine that is a domain
member, but not a DC.  Unqualified names will not work.

-Steven

