[Samba] Is Samba 4.9 and "map untrusted to domain" possible anymore?

Harald Hannelius harald+samba at arcada.fi
Thu Jun 4 18:35:12 UTC 2020


On Thu, 4 Jun 2020, Marco Gaiarin via samba wrote:

> Mandi! Harald Hannelius via samba
>  In chel di` si favelave...
>
>> Question 2)
>> Does a windows client behave differently when speaking to a NT4-domain or an
>> AD-domain in how they try passwords? I have a feeling that users in the
>> "AD"-domain didn't need to (manually at least) enter any passwords to get
>> their drives mapped from the "Samba" domain. "It just worked".
>
> Only a note.
>
> CLIENT Windows OSes try to be 'polite' handling auth, so if you have
> the same username and same password in two domains (and, as stated by
> Rowland, you have SMB1 active), auth must work.

Well, in the old NT4-domain we had.

The current issue is how to replicate that behaviour between two 
AD-domains. Which seems impossible.

After giving it a thought, I might just have the users enter their username 
and password. It's the same, bar the domain-part of the username. Let's see 
what support thinks about my plan :)

> But, I restate, it seems not some sort of 'server magic', only 'client
> magic': e.g., the Windows client tries to auth without the domain info, and so
> succeeds.
>
> Do some test. ;-)

Yes, tested by deleting all credentials. The credentials stored were the 
old NT4-style domain credentials. The AD-level domain's credentials weren't 
stored in the credential manager.

Thanks

-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020


