samba - Feb 2021 - login without domain\username

Hi thanks for your answer ! 

I already have the parameter, but from a windows client or even smbclient, the
username gets always prefixed by the machine name.

Wireshark capture : 


And the winbind seems to work only when the "domain component" is
missing from the username :

from man smb.conf : 
winbind use default domain : 
"This parameter specifies whether the winbindd(8) daemon should operate on
users without domain component in their username."

Maybe what i want to do isn't possible ? 

Cheers, 
Eric 


De: "sambalist" <samba at lists.samba.org> 
?: "sambalist" <samba at lists.samba.org> 
Envoy?: Mardi 2 F?vrier 2021 12:24:16 
Objet: Re: [Samba] login without domain\username 

On 02/02/2021 11:13, ERIC PEYREMORTE via samba wrote: 
> Hi all, 
> 
> I'm sure it's a newbie question but is it possible to allow users
on computers outside domain to connect to a share just with their login instead
of domain\login ?
> 
> Ex: when a user using an off domain computer connects to \\srv-name\share,
he has to prefix its username with the domain (domain\user).
> 
> In our previous setup with samba 3, on our domain member file server we
used that : map untrusted to domain = yes.
> 
> Now we have an AD windows server 2019, several samba4 files servers and a
single domain.
> 
> I can connect to the windows server with bogus\login or plain login, but it
doesn't work on file servers.
> 
> I know i could use the UPN, but it was to make the transition easier to
users (non technical).
> 
> If it's not possible, why isn't it ? Is it something with kerberos
of ntlm ?
> 
> Cheers 
Try adding 'winbind use default domain = yes' to the smb.conf files and 
reload Samba with 'smbcontrol all reload-config' 

If that doesn't work, please post your smb.conf 

Rowland 




-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba

On 02/02/2021 14:33, ERIC PEYREMORTE wrote:
> Hi thanks for your answer !
>
> I already have the parameter, but from a windows client or even 
> smbclient, the username gets always prefixed by the machine name.
>
> Wireshark capture :
>
>
> And the winbind seems to work only when the "domain component" is
> missing from the username :
>
> from man smb.conf :
> winbind use default domain :
> "This parameter specifies whether the winbindd(8) daemon should 
> operate on users without domain component in their username."
>
> Maybe what i want to do isn't possible ?
>
I posted this:

If that doesn't work, please post your smb.conf

Just in case you missed it:

*IF THAT DOESN'T WORK, PLEASE POST YOUR SMB.CONF*

Rowland

As far as I am aware, if you are using a Windows machine NOT joined to the
domain, you will have to provide the domain name regardless of the samba
settings otherwise it will default to the machine name.

HTH
Roy
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of ERIC
PEYREMORTE via samba
> Sent: 02 February 2021 14:33
> To: Rowland penny <rpenny at samba.org>
> Cc: sambalist <samba at lists.samba.org>
> Subject: Re: [Samba] login without domain\username
> 
> Hi thanks for your answer !
> 
> I already have the parameter, but from a windows client or even smbclient,
the username gets always prefixed by the machine name.
> 
> Wireshark capture :
> 
> 
> And the winbind seems to work only when the "domain component" is
missing from the username :
> 
> from man smb.conf :
> winbind use default domain :
> "This parameter specifies whether the winbindd(8) daemon should
operate on users without domain component in their username."
> 
> Maybe what i want to do isn't possible ?
> 
> Cheers,
> Eric
> 
> 
> De: "sambalist" <samba at lists.samba.org>
> ?: "sambalist" <samba at lists.samba.org>
> Envoy?: Mardi 2 F?vrier 2021 12:24:16
> Objet: Re: [Samba] login without domain\username
> 
> On 02/02/2021 11:13, ERIC PEYREMORTE via samba wrote:
> > Hi all,
> >
> > I'm sure it's a newbie question but is it possible to allow
users on computers outside domain to connect to a share just with their
> login instead of domain\login ?
> >
> > Ex: when a user using an off domain computer connects to
\\srv-name\share, he has to prefix its username with the domain
> (domain\user).
> >
> > In our previous setup with samba 3, on our domain member file server
we used that : map untrusted to domain = yes.
> >
> > Now we have an AD windows server 2019, several samba4 files servers
and a single domain.
> >
> > I can connect to the windows server with bogus\login or plain login,
but it doesn't work on file servers.
> >
> > I know i could use the UPN, but it was to make the transition easier
to users (non technical).
> >
> > If it's not possible, why isn't it ? Is it something with
kerberos of ntlm ?
> >
> > Cheers
> 
> Try adding 'winbind use default domain = yes' to the smb.conf files
and
> reload Samba with 'smbcontrol all reload-config'
> 
> If that doesn't work, please post your smb.conf
> 
> Rowland
> 
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba