[Samba] Cross-domain share access via same user+password doesn't work anymore
Rowland penny
rpenny at samba.org
Thu Sep 3 18:59:39 UTC 2020
On 03/09/2020 19:09, freebsd--- via samba wrote:
> I having the same issue like:
>
> https://forge.univention.org/bugzilla/show_bug.cgi?id=47314
>
> I have 2 samba servers running with nearly identical configs:
>
> ii samba 2:3.6.6-6+deb7u15
> ii samba-common 2:4.9.5+dfsg-5+deb10u1
>
> The problem is that for old os-es like Win9X the username cannot be
> changed, it will just use USERNAME or WORKGROUP\USERNAME for the user.
>
> With the old samba version this works well because if it accepts only
> the username for authentication with the new one I just cannot make it
> accept it so only:
>
> smbclient -U "SAMBASERVERNAME\user%password" \\1.2.3.4\share
>
> works and as I noted older Win9X clients cant do this type of
> authentication.
>
> The desired would be:
>
> smbclient -U "user%password" \\1.2.3.4\share
>
>
> First I found this option in the old samba (regardless it is set to No
> by default it just works):
>
> map untrusted to domain = No
>
> This option is no longer available in the new samba.
>
>
> Another suggested solution, also not available in the new samba:
>
> As a workaround the following option can be set on all Samba AD/DCs of
> the domain:
>
> auth methods = anonymous sam winbind_rodc sam_failtrusts
> sam_ignoredomain
>
>
> Is there any way I can get this work with the new version or am I
> forced to compile 3.x to get this feature back?
>
>
I don't think that is your problem, it is more likely to be the
password, try adding these lines:
lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes
But be aware, your Samba is now very insecure.
Rowland
More information about the samba
mailing list