[Samba] Cross-domain share access via same user+password doesn't work anymore

freebsd at tango.lu freebsd at tango.lu
Tue Sep 8 07:54:47 UTC 2020

On 2020-09-05 18:05, Rowland penny via samba wrote:
> On 05/09/2020 16:30, freebsd at tango.lu wrote:
>> Hello,
>> I already had those in both samba server and I don't care about 
>> security with this setup. Here is what happens:
> Well, not having seen your smb.conf files, I didn't know you had those
> lines. I also had to point out the pitfalls of using them.
> I think it may help if we see your smb.conf files.
> Rowland

Yes that is exactly what I thought that it is not a config issue because 
with nearly the same config it works on the 3.6 and not the 4.x.

Since someone asked for my smb.conf here it goes:

    workgroup = WG2
    netbios name = SMBB
    guest ok = no
    security = user
    wins support = yes
    wins proxy = no
    syslog only = no
    syslog = 0;
    encrypt passwords = true

; WIN 98
lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes

    log level = 3
    log file = /var/log/samba/smbd.log
    max log size = 5000
    utmp = Yes

    os level = 255
    domain master = yes
    local master = yes
    preferred master = yes
    domain logons = no
    logon script = %U
    allow trusted domains = no
    nt acl support = no
    enhanced browsing = No
    message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' 

    name resolve order = wins lmhosts host bcast
    hide dot files = yes
    wide links = yes
    unix extensions = no
    delete veto files = yes
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    show add printer wizard = no

   comment =  share
   volume = share
   path = /mnt/share
   force user = user
   force group = users
   create mask = 644
   directory mask = 775
   browseable = no
   follow symlinks = Yes
   writeable = no
   read only = yes
   valid users = user

So yet again typical example of a software actually getting WORSE than 
improving over the years. I don't know who the hell felt that this was a 
good idea to deprecate this mapping option but you should consider 
putting it back and never again try to pull something like this. What 
happened to Samba? some systemD developers crawled over there to destroy 
the project with their stupidity? Next thing we gonna see on Samba 5 
hell let's change the entire config, rename all the options and why not 
just make it XML or encrypted JSON binary config to be sysadmin 
unfriendly. Great Success!

More information about the samba mailing list