[Samba] accessing foreign AD users to NT domain

Piviul piviul at riminilug.it
Wed Aug 26 12:38:29 UTC 2020

L.P.H. van Belle via samba ha scritto il 26/08/20 alle 11:48:
> That is because.. Your not sending the DOMAIN\username but COMPUTER\username, so access denied.
Why you say that? I didn't use the /user option at all; the log I sent 
has been generated running the following command:
net use g: \\IP\share /persistent:yes

Anyway nothing change if I use
net use g: \\F.Q.D.N.\share /persistent:yes

Furthermore if I use the option /user:NT4DOM\%username% the net use 
command complete successfully; if I use /user:ADDOM\%username% didn't, 
that's all.

> [...]
> \\hostname\share
> This only works if and due.
> 1) the search/primary domain is same in pc and servers.
> 2) netbios resolving works ( or due dns proxy = yes ) and/or due a working LLMNR setup. (default in windows 10)
>    Do read : https://www.crowe.com/cybersecurity-watch/netbios-llmnr-giving-away-credentials
that's not so simple, network users are used to access shares browsing 
the network and windows doesn't shows FQDN in browsing network...

> [...] 
> Follow these rules..
> https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
> And only use \\host.fqdn.tld\shares
ok, I'll remember.


More information about the samba mailing list