[Samba] ADS security mode - authenticating non-domain Linux users
Tim Miller
btmiller at hpc.nih.gov
Wed Jun 5 01:49:43 UTC 2019
Hi Rowland,
Thanks very much for the reply and confirming what I suspected. One
quick question in-line, if I may:
On 6/4/19 4:00 PM, Rowland penny via samba wrote:
> 'map untrusted to domain' made 'UNKNOWNDOMAIN\fred' become
> 'LOCALDOMAIN\fred' and if 'fred' is a member of 'LOCALDOMAIN' and has
> the correct password, then access will be allowed. The parameter 'map
> untrusted to domain' was removed at Samba 4.8.0, it was deprecated at
> 4.7.0
I found the patch that deprecated the option, with the comment (quoting
from Volker Lendecke in
https://lists.samba.org/archive/samba-technical/2017-March/119417.html):
> In an active directory environment, we don't know of
> a good way to enumerate all domains that we have to accept as trusted,
> in particular with multiple forests, one-way and external trusts. We
> hope to replace this parameter in the future with something that matches
> Windows behaviour better, after the deprecation phase of this parameter
> is over and we can remove it.
Any notion of whether such a replacement is on the horizon at present?
If not, we'll live with the behavior as-is.
Regards,
Tim