[Bug 1279226] [NEW] "map untrusted to domain = Yes" has no effect

Benjamin PREISS Wed, 12 Feb 2014 00:16:14 -0800

Public bug reported:

Hi,


I'm using Ubuntu server 13.10 on production environment for a Samba
share.

"map untrusted to domain = Yes" with "security = ADS" must allow any BOGUS/user 
to connect to a share by renaming the bogus domain name to the one defined on 
the "realm" option. On Samba 3.6.18 I can't connect using a bogus name :
  BOGUS/user    -> don't connect "NT_STATUS_LOGON_FAILURE"
  DOMAIN/user -> connect
  user                   -> connect

Log files can be provided if needed


# man smb.conf
       map untrusted to domain (G)

           If a client connects to smbd using an untrusted domain name, such as 
BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before attempting 
to authenticate that user. In the case where
           smbd is acting as a PDC this will be DOMAIN\user. In the case where 
smbd is acting as a domain member server or a standalone server this will be 
WORKSTATION\user.

           In previous versions of Samba (pre 3.4), if smbd was acting as a 
domain member server, the BOGUS domain name would instead be replaced by the 
primary domain which smbd was a member of. In this
           case authentication would be deferred off to a DC using the 
credentials DOMAIN\user.

           When this parameter is set to yes smbd provides the legacy behavior 
of mapping untrusted domain names to the primary domain. When smbd is not 
acting as a domain member server, this parameter has
           no effect.

           Default: map untrusted to domain = no


# lsb_release -rd
Description:    Ubuntu 13.10
Release:        13.10

# apt-cache policy samba
samba:
  Installé : 2:3.6.18-1ubuntu3.1
  Candidat : 2:3.6.18-1ubuntu3.1
 Table de version :
 *** 2:3.6.18-1ubuntu3.1 0
        500 http://archive.ubuntu.com/ubuntu/ saucy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 
Packages
        100 /var/lib/dpkg/status
     2:3.6.18-1ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: ads domain map samba to untrusted

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1279226

Title:
  "map untrusted to domain = Yes" has no effect

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1279226/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1279226] [NEW] "map untrusted to domain = Yes" has no effect

Reply via email to