hi: at RHEL 7.4 we had used "map untrusted to domain = yes". so users can login with "username" instead of "sam-dom\username". after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. now "map untrusted to domain = yes" or "map untrusted to domain auto" are not working. can we still let user to use "usename" instead of "sam-dom\username" like old days? thanks a lot for help!!
On Fri, 29 Jun 2018 12:56:33 +0800 d tbsky via samba <samba at lists.samba.org> wrote:> hi: > > at RHEL 7.4 we had used "map untrusted to domain = yes". so users > can login with "username" instead of "sam-dom\username". > > after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. > now "map untrusted to domain = yes" or "map untrusted to domain > auto" are not working. > > can we still let user to use "usename" instead of > "sam-dom\username" like old days? > > thanks a lot for help!! >The default for 'map untrusted to domain' was changed from 'no' to 'auto' when 4.7.0 was released, but setting it to 'yes' should still work. Can you please post the '[global]' portion of your smb.conf. Rowland
2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:> On Fri, 29 Jun 2018 12:56:33 +0800 > d tbsky via samba <samba at lists.samba.org> wrote: > >> hi: >> >> at RHEL 7.4 we had used "map untrusted to domain = yes". so users >> can login with "username" instead of "sam-dom\username". >> >> after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. >> now "map untrusted to domain = yes" or "map untrusted to domain >> auto" are not working. >> >> can we still let user to use "usename" instead of >> "sam-dom\username" like old days? >> >> thanks a lot for help!! >> > > The default for 'map untrusted to domain' was changed from 'no' to > 'auto' when 4.7.0 was released, but setting it to 'yes' should still > work. > > Can you please post the '[global]' portion of your smb.conf. > > Rowlandhi: samba file server global configuration below: [global] workgroup = SAM-DOM netbios name = file # password server = DC.AD.SAM-DOM.EXAMPLE.COM realm = AD.SAM-DOM.EXAMPLE.COM security = ads idmap config *:backend = tdb idmap config *:range = 1000000-1999999 idmap config SAM-DOM:backend = ad idmap config SAM-DOM:default = yes idmap config SAM-DOM:range = 1000-999999 idmap config SAM-DOM:schema_mode = rfc2307 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = yes winbind offline logon = no obey pam restrictions = no winbind nss info = template template homedir = /share/samba/home/%U template shell = /bin/bash lanman auth = yes map untrusted to domain = yes
Apparently Analagous Threads
- is "map untrusted to domain" possible?
- is "map untrusted to domain" possible?
- is "map untrusted to domain" possible?
- Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = auto
- Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = auto