While a Samba Server 3.0.37 respects failover to a user not known in the domain but smbpasswd file, the same does not work in 3.6.x. It seems that Samba 3.6 does not recognise "sam_ignoredomain" anymore, which is not documented in release notes. This failover feature is highly wanted. smb.conf (3.0.37): auth methods = sam_ignoredomain ntdomain smb.conf (3.6.3): passdb backend = smbpasswd auth methods = sam_ignoredomain ntdomain Listening with "smbd -i -d3" reveals: Samba 3.0: check_ntlm_password: Checking password for unmapped user []\[xxx]@[YYY] with the new password interface check_ntlm_password: mapped user is: [DDD]\[xxx]@[YYY] check_ntlm_password: sam_ignoredomain authentication for user [xxx] succeeded ... Samba 3.6: check_ntlm_password: Checking password for unmapped user [DDD]\[xxx]@[YYY] with the new password interface check_ntlm_password: mapped user is: [DDD]\[xxx]@[YYY] Forcing Primary Group to 'Domain Users' for service ntlm_password_check: NTLMv2 password check failed ntlm_password_check: Lanman passwords NOT PERMITTED for user service ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user service get_dc_list: preferred server list: "SSS, *" resolve_lmhosts: Attempting lmhosts lookup for name SSS<0x20> ... domain_client_validate: unable to validate password for user xxx in domain DDD to Domain controller SSS. Error was NT_STATUS_NO_SUCH_USER. check_ntlm_password: Authentication for user [xxx] -> [xxx] FAILED with error NT_STATUS_NO_SUCH_USER
auth methods is gone in recent releases and everything should work as expected automatically...