[Samba] Make Samba4 ignore domain prefix on share logon

Jakub Veselý happy at gjh.sk
Sun Aug 16 15:47:41 UTC 2015


Here is our smb.conf:
[global]
  netbios name = SAMBA-TEST
  workgroup = <dom>
  security = ADS
  realm = AD.<dom>.SK
  encrypt passwords = yes

  idmap config *:backend = tdb
  idmap config *:range = 70001-150000
  idmap config <dom>:backend = ad
  idmap config <dom>:schema_mode = rfc2307
  idmap config <dom>:range = 2000-60000

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes

  map untrusted to domain = yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes

[test]
   path = /data/test
   read only = no
   admin users = "@<dom>\Enterprise Admins"

[homes]
  comment = Home Directories
  browseable = no
  read only = no
  create mask = 0600
  directory mask = 0700
  invalid users = <snip>

Best regards,

Jakub Veselý
Network administrator, GJH
Novohradská 3, 82109 Bratislava
02/210 28 328

2015-08-16 17:42 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 16/08/15 16:34, Jakub Veselý wrote:
>
> We do have that in smb.conf, but it does not seem to work.
>
> Best regards,
>
> Jakub Veselý
> Network administrator, GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 17:27 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
>> On 16/08/15 16:17, Felix Matouschek wrote:
>>
>>> Hello Jakub,
>>>
>>> "map untrusted to domain = yes" should probably do what you want.
>>>
>>> Greetings,
>>> Felix
>>>
>>> On 15.08.2015 at 07:24, Jakub Veselý wrote:
>>>
>>>> Hello,
>>>>
>>>> at my work we are migrating from samba 3.6.24 on gentoo + openLDAP to
>>>> Windows Server 2012 AD DC + Samba 4.1.6 Ubuntu Member server for file
>>>> sharing. Our old configuration ignores domain prefixes when logging on
>>>> to shares i.e. I just need to type user instead of SAMDOM\user when
>>>> accessing share from windows machines. The Windows DC behaves like this
>>>> too, but samba 4 does not. Is there any way to replicate this behavior
>>>> on the new version? Our users are used to not typing it and it would be
>>>> quite troublesome to retrain them. Additionally, we have a lot of
>>>> windows batch files that mount shares that also contain non-prefixed
>>>> credentials, scattered all around our organization.
>>>>
>>>> Thanks for help,
>>>>
>>>> Jakub Vesely
>>>>
>>>
>>>
>>>
>>>
>> yes, but most people use 'winbind use default domain = yes' instead.
>>
>> see 'man smb.conf' for more info.
>>
>> Rowland
>>
>
>
> It should, can you post the smb.conf from the samba 4 fileserver
> (sanitized if you like)
>
> Rowland
>

