[Samba] accessing foreign AD users to NT domain

Marco Gaiarin gaio at sv.lnf.it
Tue Aug 25 16:53:00 UTC 2020

Mandi! Rowland penny via samba
  In chel di` si favelave...

> Even though your users may have the same username in AD as in the NT4-style
> domain, they are different users, so a few thoughts. You have 'map to guest
> = bad user', so I take it you must have 'guest ok = yes' set in the shares
> (you haven't shown us the shares), so try changing 'bad user' to 'bad
> password'.

Interesting. But my server had 'map to guest = Bad User', and worked.
Anyway, it is worth a try...

> The only other thing I can think of at the moment is to remove
> 'winbind use default domain = yes'

It was a try, i think in NT mode don't bother at all.

Paolo, if possible:

a) your client OS is Win10 or Win7? I don't remember if you have
 specified it.
If possible, use Win7. If not, make sure ti have smb1 enabled, but also
 - https://support.microsoft.com/en-gb/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser

b) you have tried to mount shares using IP and not names? EG, try
	net use g: \\\share /persistent:yes

c) follow the hint by Louis, eg try to explicit the login in domainful
	net use g: \\server.fqdn.tld\share /persistent:yes /user:NT4DOM\%username%

 (i think that this WILL HAVE to work!)

If possible, for every try enable log (samba and windows) and post result.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list