[Samba] accessing foreign AD users to NT domain
Rowland penny
rpenny at samba.org
Wed Aug 26 10:46:47 UTC 2020
On 26/08/2020 09:26, Piviul via samba wrote:
> Rowland penny via samba ha scritto il 25/08/20 alle 18:20:
>> [...]
>> Even though your users may have the same username in AD as in the
>> NT4-style domain, they are different users, so a few thoughts. You
>> have 'map to guest = bad user', so I take it you must have 'guest ok
>> = yes' set in the shares (you haven't shown us the shares),
> in effect there is no guest ok = yes in shares...
Then what is this from your 'tuning' share:
guest ok = yes
>
>> so try changing 'bad user' to 'bad password'. The only other thing I
>> can think of at the moment is to remove 'winbind use default domain =
>> yes'
> done, changed "map to guest" to "bad password" but nothing changed...
Change it back, it isn't your problem>
You have 'allow trusted domains = No' in 'global' and from 'man smb.conf':
allow trusted domains (G)
This option only takes effect when the security option is set to
server, domain or ads. If it is set to no, then attempts to
connect
to a resource from a domain or workgroup other than the one
which
smbd is running in will fail, even if that domain is trusted
by the
remote server doing the authentication.
You also have shares that can only be written to by '@DOMINIOCSA\domain
admins'
Rowland
>
> :(
>
> Piviul
>
More information about the samba
mailing list