SAMBA3.5pre2-Does map untrusted to domain work?

Tue Jan 19 13:53:10 MST 2010

Hello, Steven.
Did you ever get a chance to look at this?  I just tried this on the latest 3.4.5 build but it still seems to be doing the same
thing in that I have to pass the domain with the username in order for SAMBA to authenticate.  Meaning,
the "map untrusted to domain" does not seem to revert to the previous behavior.  With that enabled, the logs
still show:

Got user=[username] domain=[pcname] workstation=[pcname]

Thanks for the help!

>>> On Wednesday, January 06, 2010 at 8:36 PM, in message
<4B380F71E6E9554CBDEF046D1CDF5E4C0560C7BD at seaxch08.desktop.isilon.com>, "Steven
Danneman" <steven.danneman at isilon.com> wrote:
> Hi Michael, 
> 
> I came across your other email.  I'll try to test whether "map untrusted
> to domain" turned on is not giving the expected behavior in 3.5.0.  I'm
> having some problems with my build environment at the moment, so I'll
> probably get to it tomorrow.
> 
> -Steven
> 
>> -----Original Message-----
>> From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-
>> bounces at lists.samba.org] On Behalf Of MICHAEL BROWN
>> Sent: Wednesday, January 06, 2010 11:11 AM
>> To: samba-technical at lists.samba.org 
>> Subject: SAMBA3.5pre2-Does map untrusted to domain work?
>> 
>> Greetings,
>> I had asked this previously.
>> I had read that the "map untrusted to domain" is supposed to revert
>> back to the way SAMBA previously authenticated the
>> users, if needed per this thread:
>>
> http://lists.samba.org/archive/samba-technical/2010-January/068635.html 
>> 
>> "Previous to my patches, smbd would replace an untrusted domain name,
>> or
>> a NULL domain name, with the primary domain, and then try to
>> authenticate that name against the DC.  This, while not matching
>> Windows
>> behavior, seems to be the behavior you're expecting and want in your
>> setup.  That's why the "map untrusted to domain" parameter exists, to
>> allow you to revert to the previous non-Windows behavior."
>> 
>> 
>> Unless I am missing something, this switch does not seem to work in
>> that I can't get the user
>> authenticated to a SAMBA share unless the domain is also specified
> with
>> the username.  The logs show that
>> the machine's name is used as the domain name, unless you specify the
>> real domain name when authenticating.
>> 
>> Log with just username:
>> Got user=[someuser] domain=[XPMachine] workstation=[XPMachine]
>> 
>> Log when you specify domain (which is what I need without specifying
>> the domain):
>> Got user=[someuser] domain=[DomainSambaJoinedTo]
>> workstation=[XPMachine]
>> 
>> The test setup is SAMBA3.5 pre2 joined to a Windows 2008 R2 active
>> directory server.  The machine trying
>> to access the share is an XP SP3 machine and is NOT joined to the 2008
>> R2 AD server.
>> 
>> Thanks for the help!

NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited.  If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.