[Samba] Untrusted domains with security=ads

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Apr 2 09:06:29 MDT 2013

On Tue, 2013-04-02 at 16:28 +0300, Deyan Stoykov wrote:
> Hello everyone,
> Samba 3.6.9 on CentOS 6.4. With "security = ads", winbind doesn't 
> authenticate requests that prepend a not-existent domain to the 
> username. Users that have logged into the domain authenticate 
> transparently to squid with NTLM (format is domain\username), but not 
> users that are logged in locally or into another domain with the same 
> username and password (format is something_else\username). This wasn't 
> the case with "security = domain" and a Samba 3 DC:
> with security = ads:

See "map untrusted to domain" it defaults to no. The behaviour changed
in 3.4


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list