Web lists-archives.com

Re: [Samba] is "map untrusted to domain" possible?




2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:
> On Fri, 29 Jun 2018 12:56:33 +0800
> d tbsky via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
>> hi:
>>
>>    at RHEL 7.4 we had used "map untrusted to domain = yes". so users
>> can login with "username" instead of "sam-dom\username".
>>
>>    after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7.
>> now "map untrusted to domain = yes" or "map untrusted to domain =
>> auto" are not working.
>>
>>    can we still let user to use "usename" instead of
>> "sam-dom\username" like old days?
>>
>>    thanks a lot for help!!
>>
>
> The default for 'map untrusted to domain' was changed from 'no' to
> 'auto' when 4.7.0 was released, but setting it to 'yes' should still
> work.
>
> Can you please post the '[global]' portion of your smb.conf.
>
> Rowland

hi:
 samba file server global configuration below:

[global]
   workgroup = SAM-DOM
   netbios name = file
   # password server = DC.AD.SAM-DOM.EXAMPLE.COM
   realm = AD.SAM-DOM.EXAMPLE.COM
   security = ads

   idmap config *:backend = tdb
   idmap config *:range = 1000000-1999999

   idmap config SAM-DOM:backend = ad
   idmap config SAM-DOM:default = yes
   idmap config SAM-DOM:range = 1000-999999
   idmap config SAM-DOM:schema_mode = rfc2307

   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   winbind use default domain = yes
   winbind offline logon = no
   obey pam restrictions = no

   winbind nss info = template
   template homedir = /share/samba/home/%U
   template shell = /bin/bash

   lanman auth = yes
   map untrusted to domain = yes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba