[Samba] Make Samba4 ignore domain prefix on share logon

Rowland Penny rowlandpenny241155 at gmail.com
Sun Aug 16 18:35:35 UTC 2015


On 16/08/15 16:55, Jakub Veselý wrote:
> I am trying to log in with my domain credentials, which are valid,
> because when I prefix the login it succeeds.
>
> Regards,
>
> Jakub Veselý
> Network administrator, GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 17:46 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
>     On 16/08/15 16:38, Jakub Veselý wrote:
>
>         Unfortunately 'map untrusted to domain = yes' did not help, I
>         still keep getting a wrong username or password error while
>         accessing the share. I do have 'winbind use default domain = yes'
>         in the configuration, but it seems to have no effect on Windows
>         either. I am trying it from a Windows 10 PC that is not joined
>         to the domain; could the OS be an issue?
>
>         Jakub Vesely
>
>
>     possibly, but you are trying to connect as a user that just
>     doesn't exist (i.e. a user from outside the domain), you may need
>     to use 'map to Bad User', but as I said, post your smb.conf
>
>
>     Rowland
>
>

OK, I tried to log in from a VM that isn't connected to my domain with a
domain user to a share on a member server and it works; the share is
owned by root:Domain Users with 0775 permissions.

My smb.conf is very similar to yours with the addition of these lines:

         dedicated keytab file = /etc/krb5.keytab
         kerberos method = secrets and keytab
         winbind expand groups = 4
         winbind refresh tickets = Yes
         winbind normalize names = Yes

I do not have these lines:

   winbind trusted domains only = no
   map untrusted to domain = yes

The share stanza is just this:

[testshare]
         path = /home/share
         read only = no

The command I used on the VM is this:

smbclient \\\\computer.example.com\\testshare -U rowland%password

The member server is running Linux Mint 17 (aka Ubuntu 14.04) with Samba
4.1.6.

My users have a uidNumber and Domain Users has a gidNumber.

Rowland
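
Added example, not part of the original message or of Samba: a small Python script that does the comparison this reply makes by hand, diffing the [global] sections of two smb.conf files after normalising parameter names (Samba ignores case and whitespace in them) and yes/true spellings. WORKING holds the lines quoted above plus an assumed 'winbind use default domain' line; OTHER is a constructed stand-in for the original poster's file, which is not shown in this thread.

```python
# Added example (not from the thread): diff the [global] sections of two smb.conf files.
# Only yes/no/true/false are folded; 0/1 stay strings so integers are not mistaken.
BOOL = {"yes": True, "true": True, "no": False, "false": False}

def parse_global(text):
    """Return {normalised parameter name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):            # smb.conf line continuation
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = "".join(line[1:-1].split()).lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)   # only the first '=' is significant
        key = "".join(name.split()).lower()  # case/whitespace in names is ignored
        params[key] = BOOL.get(value.strip().lower(), value.strip())
    return params

def diff_global(a_text, b_text):
    """List parameters present in only one file, or set differently."""
    a, b = parse_global(a_text), parse_global(b_text)
    return {"only_a": sorted(set(a) - set(b)),
            "only_b": sorted(set(b) - set(a)),
            "changed": sorted(k for k in set(a) & set(b) if a[k] != b[k])}

# Lines quoted in the message above, plus an ASSUMED 'use default domain' line.
WORKING = """[global]
    Winbind Use Default Domain = true
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind expand groups = 4
    winbind refresh tickets = Yes
    winbind normalize names = Yes
"""
# CONSTRUCTED stand-in for the other file, which is not shown in the thread.
OTHER = """[global]
    winbind use default domain = yes
    winbind trusted domains only = no
    map untrusted to domain = yes
[testshare]
    path = /home/share
"""
if __name__ == "__main__":
    print(diff_global(WORKING, OTHER))
```

Parameter names in the result are printed in their normalised form (lower case, spaces removed).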


