[Samba] accessing foreign AD users to NT domain

Piviul piviul at riminilug.it
Wed Aug 26 12:26:00 UTC 2020

Rowland penny via samba ha scritto il 26/08/20 alle 12:46:
> On 26/08/2020 09:26, Piviul via samba wrote:
>> Rowland penny via samba ha scritto il 25/08/20 alle 18:20:
>>> [...]
>>> Even though your users may have the same username in AD as in the 
>>> NT4-style domain, they are different users, so a few thoughts. You 
>>> have 'map to guest = bad user', so I take it you must have 'guest ok 
>>> = yes' set in the shares (you haven't shown us the shares), 
>> in effect there is no guest ok = yes in shares...
> Then what is this from your 'tuning' share:
> guest ok = yes
you are right I forgot the tuning share... I forgot it because when I 
say you that there is not 'guest ok = yes' in shares I was thinking 
about filesystem shares and the tuning share is a virtual printer... any 
way you are right I've used it in tuning share...

>>> so try changing 'bad user' to 'bad password'. The only other thing I 
>>> can think of at the moment is to remove 'winbind use default domain = 
>>> yes'
>> done, changed "map to guest" to "bad password" but nothing changed...
> Change it back, it isn't your problem>

> You have 'allow trusted domains = No' in 'global' and from 'man smb.conf':
>         allow trusted domains (G)
>             This option only takes effect when the security option is 
> set to
>             server, domain or ads. If it is set to no, then attempts to 
> connect
>             to a resource from a domain or workgroup other than the one 
> which
>             smbd is running in will fail, even if that domain is trusted 
> by the
>             remote server doing the authentication.
ok, I have removed it;

> You also have shares that can only be written to by '@DOMINIOCSA\domain 
> admins'
yes, that's true but I'm connecting to shares that the user can access 
or better to shares that domainNT\user can connect but domainAD\user 
can't like http share in zizi server.


More information about the samba mailing list