[Samba] Override unjoined computername with SAMDOM to allow connection to share

Alex peter.alexander99 at gmail.com
Wed Aug 2 18:05:33 UTC 2023


I have a Samba 4 domain (separate DC and file server), with a bunch of
Win/Mac/Lin domain joined machines, everything works on that side.

I have a machine with a read-only SOC which can't take a \ or @ in the
username, and in the samba file server logs, I see it is authenticating
with its computername in place of the domain:

[2023/08/02 09:46:24.265533,  3]
  check_ntlm_password:  Checking password for unmapped user
[]\[USERNAME]@[computername] with the new password interface
[2023/08/02 09:46:24.265596,  3]
  check_ntlm_password:  mapped user is: []\[USERNAME]@[computername]
[2023/08/02 09:46:24.269665,  3]
  check_sam_security: Couldn't find user 'USERNAME' in passdb.
[2023/08/02 09:46:24.269763,  2]
  check_ntlm_password:  Authentication for user [USERNAME] -> [USERNAME]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

Is there a way I can map the USERNAME@computername to USERNAME@SAMDOM, such
as with a username map file or other mechanism?

Other unjoined devices can map the same share without issues, but they
allow me to authenticate as SAMDOM\username or username@samdom.tld.



