Perhaps a slight variant of this that would be useful would be something along the lines of "force domain = <auth domain>". The difference is that when your samba servers are part of a resource domain that is different than your authentication domain, the authentication would happen against your authentication domain, rather than the (machine only) resource domain.
Mike On Wed, 2002-10-09 at 11:00, Jon. Hallett wrote: > Attached is a patch against SAMBA_2_2 that we find useful at our site for > integrating our domain-member Samba servers with our non-domain-member clients. > > The background to this is that our Samba servers use "security = domain" > authentication for user accounts, but not all our Windows clients are > members of the domain, with the result that the clients often want to map > shares using non-domain "clientname\user" style accounts. > > The patch implements an "ignore client domain" option which forces Samba to > use the server's own domain when authenticating users, ignoring the domain > part of the username provided by the client. > > This is particularly useful for sites converting from "security = server" > to "security = domain" who don't want to go around their clients adding > domain parts to all the usernames with which they map shares. > > Hope this is of use to someone else, > > Jon.