domain\username requirements and 'map untrusted to domain'

d tbsky tbskyd at
Wed May 5 02:19:08 UTC 2021

Andrew Bartlett <abartlet at>
> I don't think you understand the purpose of introducing a new
> developer, but regardless I would note that you are welcome to try the
> suggested change on the bug and report your success or otherwise there.

  Indeed I don't understand. hope I didn't offend anyone for replying
the message.

> The primary blocker is the cryptographic behaviour of NTLMv2, which
> means we can't change the domain on the domain member server, because
> the domain is part of the password hash calculation.

  thanks for the explanation. samba's behavior is more
solid/consistent without these old designs/features.
although it feels good when samba can do something which normal
Micorsoft would not do.

More information about the samba-technical mailing list