[Samba] ADS security mode - authenticating non-domain Linux users
Rowland penny
rpenny at samba.org
Wed Jun 5 07:17:55 UTC 2019
On 05/06/2019 02:49, Tim Miller via samba wrote:
> Hi Rowland,
>
> Thanks very much for the reply and confirming what I suspected. One
> quick question in-line, if I may:
>
> On 6/4/19 4:00 PM, Rowland penny via samba wrote:
>> 'map untrusted to domain' made 'UNKNOWNDOMAIN\fred' become
>> 'LOCALDOMAIN\fred' and if 'fred' is a member of 'LOCALDOMAIN' and has
>> the correct password, then access will be allowed. The parameter 'map
>> untrusted to domain' was removed at Samba 4.8.0, it was deprecated at
>> 4.7.0
> I found the patch that deprecated the option, with the comment
> (quoting from Volker Lendecke in
> https://lists.samba.org/archive/samba-technical/2017-March/119417.html):
>
> > In an active directory environment, we don't know of
> > a good way to enumerate all domains that we have to accept as trusted,
> > in particular with multiple forests, one-way and external trusts. We
> > hope to replace this parameter in the future with something that matches
> > Windows behaviour better, after the deprecation phase of this parameter
> > is over and we can remove it.
>
> Any notion of whether such a replacement is on the horizon at present?
> If not, we'll live with the behavior as-is.
>
> Regards,
> Tim
>
Sorry, but I have no idea what Volker is planning, if anything. That 'we
hope' has the sound of 'perhaps' to me ;-)
Rowland