[Samba] Cross-domain share access via same user+password doesn't work anymore

freebsd at tango.lu freebsd at tango.lu
Thu Sep 3 18:09:07 UTC 2020

I having the same issue like:


I have 2 samba servers running with nearly identical configs:

ii  samba                                 2:3.6.6-6+deb7u15
ii  samba-common                   2:4.9.5+dfsg-5+deb10u1

The problem is that for old os-es like Win9X the username cannot be 
changed, it will just use USERNAME or WORKGROUP\USERNAME for the user.

With the old samba version this works well because if it accepts only 
the username for authentication with the new one I just cannot make it 
accept it so only:

smbclient -U "SAMBASERVERNAME\user%password" \\\share

works and as I noted older Win9X clients cant do this type of 

The desired would be:

smbclient -U "user%password" \\\share

First I found this option in the old samba (regardless it is set to No 
by default it just works):

	map untrusted to domain = No

This option is no longer available in the new samba.

Another suggested solution, also not available in the new samba:

As a workaround the following option can be set on all Samba AD/DCs of 
the domain:

  auth methods = anonymous sam winbind_rodc sam_failtrusts 

Is there any way I can get this work with the new version or am I forced 
to compile 3.x to get this feature back?

More information about the samba mailing list