[Samba] Cross-domain share access via same user+password doesn't work anymore
freebsd at tango.lu
freebsd at tango.lu
Thu Sep 3 18:09:07 UTC 2020
I having the same issue like:
https://forge.univention.org/bugzilla/show_bug.cgi?id=47314
I have 2 samba servers running with nearly identical configs:
ii samba 2:3.6.6-6+deb7u15
ii samba-common 2:4.9.5+dfsg-5+deb10u1
The problem is that for old os-es like Win9X the username cannot be
changed, it will just use USERNAME or WORKGROUP\USERNAME for the user.
With the old samba version this works well because if it accepts only
the username for authentication with the new one I just cannot make it
accept it so only:
smbclient -U "SAMBASERVERNAME\user%password" \\1.2.3.4\share
works and as I noted older Win9X clients cant do this type of
authentication.
The desired would be:
smbclient -U "user%password" \\1.2.3.4\share
First I found this option in the old samba (regardless it is set to No
by default it just works):
map untrusted to domain = No
This option is no longer available in the new samba.
Another suggested solution, also not available in the new samba:
As a workaround the following option can be set on all Samba AD/DCs of
the domain:
auth methods = anonymous sam winbind_rodc sam_failtrusts
sam_ignoredomain
Is there any way I can get this work with the new version or am I forced
to compile 3.x to get this feature back?
More information about the samba
mailing list