"map untrusted to domain = Yes" has no effect

Bug #1279226 reported by Benjamin PREISS
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Hi,

I'm using Ubuntu server 13.10 on production environment for a Samba share.

"map untrusted to domain = Yes" with "security = ADS" must allow any BOGUS/user to connect to a share by renaming the bogus domain name to the one defined on the "realm" option. On Samba 3.6.18 I can't connect using a bogus name :
  BOGUS/user -> don't connect "NT_STATUS_LOGON_FAILURE"
  DOMAIN/user -> connect
  user -> connect

Log files can be provided if needed

# man smb.conf
       map untrusted to domain (G)

           If a client connects to smbd using an untrusted domain name, such as BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before attempting to authenticate that user. In the case where
           smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server or a standalone server this will be WORKSTATION\user.

           In previous versions of Samba (pre 3.4), if smbd was acting as a domain member server, the BOGUS domain name would instead be replaced by the primary domain which smbd was a member of. In this
           case authentication would be deferred off to a DC using the credentials DOMAIN\user.

           When this parameter is set to yes smbd provides the legacy behavior of mapping untrusted domain names to the primary domain. When smbd is not acting as a domain member server, this parameter has
           no effect.

           Default: map untrusted to domain = no

# lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10

# apt-cache policy samba
samba:
  Installé : 2:3.6.18-1ubuntu3.1
  Candidat : 2:3.6.18-1ubuntu3.1
 Table de version :
 *** 2:3.6.18-1ubuntu3.1 0
        500 http://archive.ubuntu.com/ubuntu/ saucy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:3.6.18-1ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu and samba since that time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test it on a currently supported Ubuntu version (ubuntu disco, 19.04 would be great). When you test it and it is still an issue, kindly upload the updated logs by running only once:

apport-collect 1279226

and any other logs that are relevant for this particular issue.

Changed in samba (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for samba (Ubuntu) because there has been no activity for 60 days.]

Changed in samba (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.