[Samba] accessing foreign AD users to NT domain

Piviul piviul at riminilug.it
Thu Aug 27 13:19:14 UTC 2020


L.P.H. van Belle via samba ha scritto il 26/08/20 alle 15:41:
> [...]
> Thats exacly what i see.
> This:  net use g: \\IP\share /persistent:yes
> 
> Used COMPUTERNAME\username at REALM Or DOM\USER at COMPUTERNAME
> And not not DOM\user at REALM
> Thats what i mean, and if you look good in your logs you see this also.
yes I've seen it but if you say "Your not sending the DOMAIN\username 
but COMPUTER\username, so access denied." this is not true because I 
have only run the command "net use g: \\IP\share /persistent:yes"

>[...]
> Which is going to be
> 1) a problem in future.
> 2) is a security risk
> 3) users should not browse and should have drive mappings..
> But.. Im not controlling your network, you do, just my opinion.
that's not so simple... some data are in official server but others 
don't. We have a lot of instruments that produce data that are stored in 
local PCs; some users have to access these data to control and elaborate 
results... any way thank you for the hint, I'll think about it...

> The longer you wait with changing these setups, the more problems you will hit in the future.
> Not because im saying this.. Because
> 
> Microsoft is enforcing more securitybut it's Microsoft that develop NetBIOS and LLMNR and if it's enforcing 
security should enforce these protocols or remove them from their OS 
isn't it?

Any way I'll think about it.

Thank  you very much

Piviul



More information about the samba mailing list