[Samba] is "map untrusted to domain" possible?
d tbsky
tbskyd at gmail.com
Fri Jun 29 07:48:32 UTC 2018
2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Fri, 29 Jun 2018 12:56:33 +0800
> d tbsky via samba <samba at lists.samba.org> wrote:
>
>> hi:
>>
>> at RHEL 7.4 we had used "map untrusted to domain = yes". so users
>> can login with "username" instead of "sam-dom\username".
>>
>> after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7.
>> now "map untrusted to domain = yes" or "map untrusted to domain =
>> auto" are not working.
>>
>> can we still let user to use "usename" instead of
>> "sam-dom\username" like old days?
>>
>> thanks a lot for help!!
>>
>
> The default for 'map untrusted to domain' was changed from 'no' to
> 'auto' when 4.7.0 was released, but setting it to 'yes' should still
> work.
>
> Can you please post the '[global]' portion of your smb.conf.
>
> Rowland
hi:
samba file server global configuration below:
[global]
workgroup = SAM-DOM
netbios name = file
# password server = DC.AD.SAM-DOM.EXAMPLE.COM
realm = AD.SAM-DOM.EXAMPLE.COM
security = ads
idmap config *:backend = tdb
idmap config *:range = 1000000-1999999
idmap config SAM-DOM:backend = ad
idmap config SAM-DOM:default = yes
idmap config SAM-DOM:range = 1000-999999
idmap config SAM-DOM:schema_mode = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind offline logon = no
obey pam restrictions = no
winbind nss info = template
template homedir = /share/samba/home/%U
template shell = /bin/bash
lanman auth = yes
map untrusted to domain = yes
More information about the samba
mailing list