[Samba] Samba 4.6.5-Debian, authentication on a mix workgroup+domain

Rowland Penny rpenny at samba.org
Fri Jul 28 08:46:40 UTC 2017 

On Fri, 28 Jul 2017 00:38:15 +0200
Marc-Henri Pamiseux via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> I encounter a particular configuration at a client.
> Stations linked to the Samba domain are mixed with other workstations
> configured as a Workgroup.
> 
> The Workgroup has the same name as the Samba domain.
> Domain machines can access data from a domain member server.
> There is no additionnal identification request since this step was
> carried out at the open time of the session.
> 
> Historically, this was also the case for machines operating in the
> Workgroup mode. The condition was obviously that the same connection
> name had to be create on both the machine and the domain controller.
> I am glad to think that passwords should not be often changed !
> 
> Since then, I have updated Samba to :
> # Samba -V
> Version 4.6.5-Debian
> 
> Therefore, when a Workstation tries to access the resources of a
> member server on the domain, a prompt asks the user to identify
> itself.
> 
> If the user only input his ID, this will not work. User must prefix
> his identifier with the name of the domain:
> DOMAIN\login
> 
> The client asks me if it would be possible not to have to add the
> domain name in this entry. I guess that's not the best way...
> Why was this working before ?
> Is there a configuration variable that would allow that?
> Something like "username level = 2" can do.
> 
> An option that helps Samba to try and 'guess' at the real DOMAIN name.
> I can read this on smb.conf man page :
> 
> "When performing local authentication, the username map is applied to
> the login name before attempting to authenticate the connection.
> 
> When relying upon a external domain controller for validating
> authentication requests, smbd will apply the username map to the fully
> qualified username (i.e.  DOMAIN\user) only after the user has been
> successfully authenticated."
> 
> Sorry, but I do not understand how this works or how does this
> authentication work?
> 
> Regards,

Hi, sorry but my crystal ball is away at the menders and my telepathy
is on the fritz, so could you please post your smb.conf ;-)

Rowland

More information about the samba mailing list