samba - Feb 2021 - login without domain\username

Hi all, 

I'm sure it's a newbie question but is it possible to allow users on
computers outside domain to connect to a share just with their login instead of
domain\login ?

Ex: when a user using an off domain computer connects to \\srv-name\share, he
has to prefix its username with the domain (domain\user).

In our previous setup with samba 3, on our domain member file server we used
that : map untrusted to domain = yes.

Now we have an AD windows server 2019, several samba4 files servers and a single
domain.

I can connect to the windows server with bogus\login or plain login, but it
doesn't work on file servers.

I know i could use the UPN, but it was to make the transition easier to users
(non technical).

If it's not possible, why isn't it ? Is it something with kerberos of
ntlm ?

Cheers

On 02/02/2021 11:13, ERIC PEYREMORTE via samba wrote:
> Hi all,
>
> I'm sure it's a newbie question but is it possible to allow users
on computers outside domain to connect to a share just with their login instead
of domain\login ?
>
> Ex: when a user using an off domain computer connects to \\srv-name\share,
he has to prefix its username with the domain (domain\user).
>
> In our previous setup with samba 3, on our domain member file server we
used that : map untrusted to domain = yes.
>
> Now we have an AD windows server 2019, several samba4 files servers and a
single domain.
>
> I can connect to the windows server with bogus\login or plain login, but it
doesn't work on file servers.
>
> I know i could use the UPN, but it was to make the transition easier to
users (non technical).
>
> If it's not possible, why isn't it ? Is it something with kerberos
of ntlm ?
>
> Cheers
Try adding 'winbind use default domain = yes' to the smb.conf files and 
reload Samba with 'smbcontrol all reload-config'

If that doesn't work, please post your smb.conf

Rowland