SAMBA3.5pre2-Does map untrusted to domain work?
Steven Danneman
steven.danneman at isilon.com
Thu Jan 7 11:28:15 MST 2010
> I have a question on this, if you don't mind. If this matches the
> Windows behavior, how is it that
> an XP machine that is not joined to AD can map a network share, browse
> that AD server
> machine, etc., without having to also specify the domain with the
user.
> Meaning, the
> Windows 2008 R2 AD machine will recognize me (being in AD) when I do a
> "search",
> or "net use", etc., to a share on the 2008 machine. Again, that XP
> machine is not joined
> to the 2008 AD environment but will authenticate without the domain
> name.
Hey Michael,
This is because a Windows server, when it receives an unqualified user,
will treat it as a local user and do the user lookup and password check
against it's local Security Account Manager (SAM).
A domain member server, has it's own SAM that is separate from the
Domain. A domain controller, does not have a separate SAM. A domain
controller's directory replaces it's local SAM when it is promoted to a
DC.
Try connecting to a SMB share on a Windows machine that is a domain
member, but not a DC. Unqualified names will not work.
-Steven
More information about the samba-technical
mailing list