[Samba] accessing foreign AD users to NT domain

Rowland penny rpenny at samba.org
Wed Aug 26 10:46:47 UTC 2020

On 26/08/2020 09:26, Piviul via samba wrote:
> Rowland penny via samba ha scritto il 25/08/20 alle 18:20:
>> [...]
>> Even though your users may have the same username in AD as in the 
>> NT4-style domain, they are different users, so a few thoughts. You 
>> have 'map to guest = bad user', so I take it you must have 'guest ok 
>> = yes' set in the shares (you haven't shown us the shares), 
> in effect there is no guest ok = yes in shares...

Then what is this from your 'tuning' share:

guest ok = yes

>> so try changing 'bad user' to 'bad password'. The only other thing I 
>> can think of at the moment is to remove 'winbind use default domain = 
>> yes'
> done, changed "map to guest" to "bad password" but nothing changed...

Change it back, it isn't your problem>

You have 'allow trusted domains = No' in 'global' and from 'man smb.conf':

        allow trusted domains (G)

            This option only takes effect when the security option is set to
            server, domain or ads. If it is set to no, then attempts to 
            to a resource from a domain or workgroup other than the one 
            smbd is running in will fail, even if that domain is trusted 
by the
            remote server doing the authentication.

You also have shares that can only be written to by '@DOMINIOCSA\domain 


> :(
> Piviul

More information about the samba mailing list