[Samba] accessing foreign AD users to NT domain
Piviul
piviul at riminilug.it
Wed Aug 26 12:38:29 UTC 2020
L.P.H. van Belle via samba ha scritto il 26/08/20 alle 11:48:
> That is because.. Your not sending the DOMAIN\username but COMPUTER\username, so access denied.
Why you say that? I didn't use the /user option at all; the log I sent
has been generated running the following command:
net use g: \\IP\share /persistent:yes
Anyway nothing change if I use
net use g: \\F.Q.D.N.\share /persistent:yes
Furthermore if I use the option /user:NT4DOM\%username% the net use
command complete successfully; if I use /user:ADDOM\%username% didn't,
that's all.
> [...]
> \\hostname\share
> This only works if and due.
> 1) the search/primary domain is same in pc and servers.
> 2) netbios resolving works ( or due dns proxy = yes ) and/or due a working LLMNR setup. (default in windows 10)
> Do read : https://www.crowe.com/cybersecurity-watch/netbios-llmnr-giving-away-credentials
that's not so simple, network users are used to access shares browsing
the network and windows doesn't shows FQDN in browsing network...
> [...]
> Follow these rules..
> https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
>
> And only use \\host.fqdn.tld\shares
ok, I'll remember.
Piviul
More information about the samba
mailing list