Web lists-archives.com

Re: [Samba] Local user could not access share directory




On Sat, 20 Jan 2018 17:22:32 +0800
Younger Liu <younger.liucn@xxxxxxxxx> wrote:

> 2018-01-19 18:11 GMT+08:00 Rowland Penny via samba
> > You are using the winbind 'ad' backend, have you added anything to
> > the users AD object (a uidNumber attribute for instance)
> >
> > You also seem to saying that you have users with the same name
> > in /etc/passwd and AD, this is NOT allowed, the user should only be
> > in AD.
> 
> Yes,  the local users in /etc/passwd has the same name as in the
> domain.
> 
> I do not add anything to users AD object.
> If local users are not same to AD users, they could access the share
> directory.
> 
> Only local users which in /etc/passwd have same names in AD, local
> users (such as: testuser) could not access share directory, But AD
> users (such as: ENAS\testuser) could access share directory. Why?
> 
> As you say, the same name in /etc/passwd and AD is not allowed. Why?

Because the local user will always be found first and the AD user
ignored. You do not need users in /etc/passwd on a Unix domain member,
you just make the AD user into Unix users by using the winbind 'ad'
backend and ADDING a unique uidNumber attribute to the user and a
gidNumber attribute to Domain Users, OR you can use the winbind 'rid'
backend and you do not need to add anything to AD.

It is all explained here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba