If a client connects to smbd using an untrusted domain name, such as BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before attempting to authenticate that user. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server or a standalone server this will be WORKSTATION\user. In previous versions of Samba (pre 3.4), if smbd was acting as a domain member server, the BOGUS domain name would instead be replaced by the primary domain which smbd was a member of. In this case authentication would be deferred off to a DC using the credentials DOMAIN\user. When this parameter is set to yes smbd provides the legacy behavior of mapping untrusted domain names to the primary domain. When smbd is not acting as a domain member server, this parameter has no effect. no