Web lists-archives.com

Re: [Samba] Local user could not access share directory




2018-01-19 18:11 GMT+08:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Fri, 19 Jan 2018 17:49:42 +0800
> Younger Liu via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hi,
> >   I have some doubts. I have join samba server into AD domain whose
> > contoller is Windows Server 2008 R2 Standard.
> >
>
> >
> > From wiki:
> > Keep the files entry as first source for both databases. This enables
> > NSS to look up domain users and groups from the /etc/passwd and
> > /etc/group files before querying the Winbind service.
> >
> > But when I use the same user name in "passwd" as in the domain. local
> > user could not access share directory. domain user name(likes
> > "ENAS\testuser") could access the share directory
> > Why "files winbind" in nsswitch.conf does not play a role?
> >
>
> You are using the winbind 'ad' backend, have you added anything to the
> users AD object (a uidNumber attribute for instance)
>
> You also seem to saying that you have users with the same name
> in /etc/passwd and AD, this is NOT allowed, the user should only be in
> AD.
>
> What OS are you using.
>
> ​
Using CentOS7.2

I do not add anything to users AD object.

If local users are not same to AD users, they could access the share
directory.
Only local users which in /etc/passwd have same names in AD, local users
(such as: testuser) could not access share directory, But AD users (such as:
ENAS\testuser) could access share directory. Why?

As you say, the same name in /etc/passwd and AD is not allowed. Why?
​


> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba