[Samba] ADS security mode - authenticating non-domain Linux users

Christian Naumer cn at brain-biotech.de
Wed Jun 5 04:10:02 UTC 2019

Have you tried using domain\user to log in? That should work if this is the problem.

Am 5. Juni 2019 03:49:43 MESZ schrieb Tim Miller via samba <samba at lists.samba.org>:
>Hi Rowland,
>Thanks very much for the reply and confirming what I suspected. One 
>quick questions in-line, if I may:
>On 6/4/19 4:00 PM, Rowland penny via samba wrote:
>> 'map untrusted to domain' made 'UNKNOWNDOMAIN\fred' become 
>> 'LOCALDOMAIN\fred' and if 'fred' is a member of 'LOCALDOMAIN' and has
>> the correct password, then access will be allowed. The parameter 'map
>> untrusted to domain was removed at Samba 4.8.0, it was deprecated at 
>> 4.7.0
>I found the patch that deprecated the option, with the comment (quoting
>from Volker Lendecke in 
> > In an active directory environment, we don't know of
>>a good way to enumerate all domains that we have to accept as trusted,
> >in particular with multiple forests, one-way and external trusts. We
>>hope to replace this parameter in the future with something that
>>Windows behaviour better, after the deprecation phase of this
> >is over and we can remove it.
>Any notion of whether such a replacement is on the horizon at present? 
>If not, we'll live with the behavior as-is.

Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Manfred Bender,
Ludger Roedder
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

More information about the samba mailing list