[Samba] Untrusted domains with security=ads

Deyan Stoykov dstoykov at uni-ruse.bg
Wed Apr 3 04:10:32 MDT 2013

On 02.04.2013 at 18:06, Jonathan Buzzard wrote:
> On Tue, 2013-04-02 at 16:28 +0300, Deyan Stoykov wrote:
>> Hello everyone,
>> Samba 3.6.9 on CentOS 6.4. With "security = ads", winbind doesn't
>> authenticate requests that prepend a non-existent domain to the
>> username. Users that have logged into the domain authenticate
>> transparently to squid with NTLM (format is domain\username), but not
>> users that are logged in locally or into another domain with the same
>> username and password (format is something_else\username). This wasn't
>> the case with "security = domain" and a Samba 3 DC:
>> with security = ads:
> See "map untrusted to domain"; it defaults to no. The behaviour changed
> in 3.4.

I tried with and without "map untrusted to domain" - it doesn't make a 
difference. Playing with "auth methods" solves the problem for smbd, but 
not for winbind.

Deyan Stoykov, dstoykov at uni-ruse.bg
System administrator
Computing and Information Services Center
University of Ruse
