Thanks for your answer Rand
I just ran a few tests and I don’t understand the results:
From a Mac that is not in my Windows domain: I can see that mappedDomain is the correct one by default. Providing just the login on my Mac, without a domain name, is enough to access a Samba share.
From a Windows workstation that is not in my Windows domain: providing the login without a domain does not work. If I provide domain\login, I get access to the network share.
Why does it work on a Mac and not on Windows? I don’t really understand. It means: if you’re a Mac user not in the domain, you just provide your login to access the network share and it works. If you’re a Windows user not in the domain, you have to provide credentials such as domain\user, otherwise it won’t work.
Detailed log from the Mac (mappedDomain and clientDomain get the correct domain name by default):
{
"audit_id": "32c7f337-d141-426b-94bd-1d435b31e101",
"message_timestamp": 1715868370,
"timestamp": {
"$date": 1715868370000
},
"address": "172.20.200.13",
"username": "foo",
"session": "",
"service": "SMB",
"service_data": {
"vers": {
"major": 0,
"minor": 1
},
"service": null,
"session_id": null,
"tcon_id": null
},
"event": "AUTHENTICATION",
"event_data": {
"logonId": "0",
"logonType": 3,
"localAddress": "ipv4:172.20.200.53:445",
"remoteAddress": "ipv4:172.20.202.13:58420",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "OSU",
"clientAccount": "foo",
"workstation": "CANETTE",
"becameAccount": "foo",
"becameDomain": "OSU",
"becameSid": "S-1-5-21-1096999570-2198697884-94848477-1514",
"mappedAccount": "foo",
"mappedDomain": "OSU",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"clientPolicyAccessCheck": null,
"serverPolicyAccessCheck": null,
"vers": {
"major": 0,
"minor": 1
},
"result": {
"type": "NTSTATUS",
"value_raw": 0,
"value_parsed": "SUCCESS"
}
},
"success": true
},
Detailed log from the Windows workstation (mappedDomain and clientDomain get the workstation name by default):
{
"audit_id": "54d83e55-d24a-41a4-a422-457a21747323",
"message_timestamp": 1715869969,
"timestamp": {
"$date": 1715869969000
},
"address": "172.20.202.23",
"username": "foo",
"session": "",
"service": "SMB",
"service_data": {
"vers": {
"major": 0,
"minor": 1
},
"service": null,
"session_id": null,
"tcon_id": null
},
"event": "AUTHENTICATION",
"event_data": {
"logonId": "0",
"logonType": 3,
"localAddress": "ipv4:172.20.200.53:445",
"remoteAddress": "ipv4:172.20.202.23:62394",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "PCP",
"clientAccount": "foo",
"workstation": "PCP",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "foo",
"mappedDomain": "PCP",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"clientPolicyAccessCheck": null,
"serverPolicyAccessCheck": null,
"vers": {
"major": 0,
"minor": 1
},
"result": {
"type": "NTSTATUS",
"value_raw": 3221225581,
"value_parsed": "NT_STATUS_LOGON_FAILURE"
}
},
"success": false
},