[Samba] Is Samba 4.9 and "map untrusted to domain" possible anymore?

Harald Hannelius harald+samba at arcada.fi
Thu Jun 4 18:35:12 UTC 2020

On Thu, 4 Jun 2020, Marco Gaiarin via samba wrote:

> Mandi! Harald Hannelius via samba
>  In chel di` si favelave...
>> Question 2)
>> Does a windows client behave differently when speaking to a NT4-domain or an
>> AD-domain in how they try passwords? I have a feeling that users in the
>> "AD"-domain didn't need to (manually at least) enter any passwords to get
>> their drives mapped from the "Samba" domain. "It just worked".
> Only a note.
> CLIENT windows OSes try to be 'polite' handling auth, so if you have
> same username and same password in two domains (and, as stated by
> rowland, you have SMB1 active), auth must work.

Well in the old NT4-domain we had.

The current issue is how to replicate that behaviour to between to 
AD-domains. Which seems impossible.

After giving it a thought, I might just have the users enter their username 
and password. It's the same, bar the domain-part of the username. Let's see 
what support thinks about my plan :)

> But, i restae, seems not some sort of 'server magic', only 'client
> magic': eg, windows client try to auth without the domain info, and so
> succeed.
> Do some test. ;-)

Yes, tested by deleting all credentials. The credentials stored where the 
old NT4-style domain credentials. The AD-level domain's credentials weren't 
stored in the the credential manager.



Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

More information about the samba mailing list