[Samba] login without domain\username

ERIC PEYREMORTE eric.peyremorte at univ-grenoble-alpes.fr
Tue Feb 2 16:49:19 UTC 2021 

De: "Roy Eastwood" <spindles7 at gmail.com> 
À: "ERIC PEYREMORTE" <eric.peyremorte at univ-grenoble-alpes.fr>, "Rowland penny" <rpenny at samba.org>, "sambalist" <samba at lists.samba.org> 
Envoyé: Mardi 2 Février 2021 16:05:56 
Objet: RE: [Samba] login without domain\username 

As far as I am aware, if you are using a Windows machine NOT joined to the domain, you will have to provide the domain name regardless of the samba settings otherwise it will default to the machine name. 

>> Yeah ! That's what i was afraid of ... There was a parameter "map untrusted to domain" which did the job but it has been removed for i guess some important reason. 

HTH 
Roy 

> -----Original Message----- 
> From: samba <samba-bounces at lists.samba.org> On Behalf Of ERIC PEYREMORTE via samba 
> Sent: 02 February 2021 14:33 
> To: Rowland penny <rpenny at samba.org> 
> Cc: sambalist <samba at lists.samba.org> 
> Subject: Re: [Samba] login without domain\username 
> 
> Hi thanks for your answer ! 
> 
> I already have the parameter, but from a windows client or even smbclient, the username gets always prefixed by the machine name. 
> 
> Wireshark capture : 
> 
> 
> And the winbind seems to work only when the "domain component" is missing from the username : 
> 
> from man smb.conf : 
> winbind use default domain : 
> "This parameter specifies whether the winbindd(8) daemon should operate on users without domain component in their username." 
> 
> Maybe what i want to do isn't possible ? 
> 
> Cheers, 
> Eric 
> 
> 
> De: "sambalist" <samba at lists.samba.org> 
> À: "sambalist" <samba at lists.samba.org> 
> Envoyé: Mardi 2 Février 2021 12:24:16 
> Objet: Re: [Samba] login without domain\username 
> 
> On 02/02/2021 11:13, ERIC PEYREMORTE via samba wrote: 
> > Hi all, 
> > 
> > I'm sure it's a newbie question but is it possible to allow users on computers outside domain to connect to a share just with their 
> login instead of domain\login ? 
> > 
> > Ex: when a user using an off domain computer connects to \\srv-name\share, he has to prefix its username with the domain 
> (domain\user). 
> > 
> > In our previous setup with samba 3, on our domain member file server we used that : map untrusted to domain = yes. 
> > 
> > Now we have an AD windows server 2019, several samba4 files servers and a single domain. 
> > 
> > I can connect to the windows server with bogus\login or plain login, but it doesn't work on file servers. 
> > 
> > I know i could use the UPN, but it was to make the transition easier to users (non technical). 
> > 
> > If it's not possible, why isn't it ? Is it something with kerberos of ntlm ? 
> > 
> > Cheers 
> 
> Try adding 'winbind use default domain = yes' to the smb.conf files and 
> reload Samba with 'smbcontrol all reload-config' 
> 
> If that doesn't work, please post your smb.conf 
> 
> Rowland 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list