[Samba] Samba 3.2.4, Win 2008 AD require domain name for auth.

Russ Ward russward662 at gmail.com
Fri Aug 21 08:53:38 MDT 2009


I'm hoping someone has seen this before and knows how to resolve it.

I am using samba 3.2.4 with a Windows 2008 AD.  Samba is configured with
security = ADS and works correctly from computers logged into the domain,
but does not allow users that are not in the domain to login by specifying
their username, without domain included, when trying to access a share.  The
user can access the share when they specify DOMAINNAME\USERNAME.

I have tried using a user map and user map script, but neither one seem to
resolve this issue.

Does anyone know how to make samba add the DOMAINNAME to the username before
passing it to the domain controller?

Thanks
-Russ

Details:

This system is running solaris 10, which has an underlying nis providing
user information.

Smb.conf global section:
  [global]
   workgroup = DOMAINNAME
   netbios name = servername
   netbios aliases = servername2
   server string = TEST Samba Server
   os level = 0
   domain master = no
   local master = no
   realm = FQDNINCAPS
   security = ADS
   encrypt passwords = Yes
   restrict anonymous = 2

krb5.conf:
  [libdefaults]
          default_realm = FQDNINCAPS

  [realms]
          FQDNINCAPS = {
          kdc = domaincontroller
          }

  [domain_realms]
          .kerberos.server = FQDNINCAPS

Software versions:
  openssl 0.9.8k
  krb5 1.7, MIT
  openldap 2.4.16
  samba 3.2.4

-- 
+------------------------------------------------------------------------------
|  Russ Ward
+------------------------------------------------------------------------------


More information about the samba mailing list