Welcome to the complexities foisted on us by the good folks in Redmond.
As with so many things in this area, the answer is "it depends". There are 4 different styles of back-end interaction during authentication (user, domain, server, and ads). AFAIK, these all expect a username/password combo from the client machine that is logging in; I think that the FQDN part is not needed (or allowed) in the
/etc/samba/smbusers mapping file.
Recent versions of the Samba suite allow you to turn on detailed logging for particular portions of the SMB interaction; I think you have reached the point where that is your best option to find out what is going on. My guess is that the client computer is attempting a logon, being rejected, and then asking the user to supply credentials. To examine whether this is actually the case, you can set the log level for
smbd in the configuration file:
Code:
log level 1 passdb:5 auth:5
After this, restart
smbd, and have one of the client machines attempt access to one of the shares. This should produce a detailed logfile trace of what is happening inside
smbd; from that, you can infer whether your mappings are working or not.