[Samba] ADS security mode - authenticating non-domain Linux users
Christian Naumer
cn at brain-biotech.de
Wed Jun 5 04:10:02 UTC 2019
Have you tried using domain\user to log in? That should work if this is the problem.
Am 5. Juni 2019 03:49:43 MESZ schrieb Tim Miller via samba <samba at lists.samba.org>:
>Hi Rowland,
>
>Thanks very much for the reply and confirming what I suspected. One
>quick questions in-line, if I may:
>
>On 6/4/19 4:00 PM, Rowland penny via samba wrote:
>> 'map untrusted to domain' made 'UNKNOWNDOMAIN\fred' become
>> 'LOCALDOMAIN\fred' and if 'fred' is a member of 'LOCALDOMAIN' and has
>
>> the correct password, then access will be allowed. The parameter 'map
>
>> untrusted to domain was removed at Samba 4.8.0, it was deprecated at
>> 4.7.0
>I found the patch that deprecated the option, with the comment (quoting
>
>from Volker Lendecke in
>https://lists.samba.org/archive/samba-technical/2017-March/119417.html):
>
> > In an active directory environment, we don't know of
>>a good way to enumerate all domains that we have to accept as trusted,
> >in particular with multiple forests, one-way and external trusts. We
>>hope to replace this parameter in the future with something that
>matches
>>Windows behaviour better, after the deprecation phase of this
>parameter
> >is over and we can remove it.
>
>Any notion of whether such a replacement is on the horizon at present?
>If not, we'll live with the behavior as-is.
>
>Regards,
>Tim
--
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30 / fax +49-6251-9331-11
Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Manfred Bender,
Ludger Roedder
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
More information about the samba
mailing list