Re: [Samba] Local user could not access share directory
- Date: Mon, 22 Jan 2018 09:32:46 +0800
- From: Younger Liu via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Local user could not access share directory
2018-01-20 17:40 GMT+08:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:
> On Sat, 20 Jan 2018 17:22:32 +0800
> Younger Liu <younger.liucn@xxxxxxxxx> wrote:
> > 2018-01-19 18:11 GMT+08:00 Rowland Penny via samba
> > > You are using the winbind 'ad' backend, have you added anything to
> > > the users AD object (a uidNumber attribute for instance)
> > >
> > > You also seem to saying that you have users with the same name
> > > in /etc/passwd and AD, this is NOT allowed, the user should only be
> > > in AD.
> > Yes, the local users in /etc/passwd has the same name as in the
> > domain.
> > I do not add anything to users AD object.
> > If local users are not same to AD users, they could access the share
> > directory.
> > Only local users which in /etc/passwd have same names in AD, local
> > users (such as:
> testuser) could not access share directory, But AD
> > users (such as: ENAS\testuser) could access share directory. Why?
> > As you say, the same name in
> /etc/passwd and AD is not allowed. Why?
> Because the local user will always be found first and the AD user
> ignored. You do not need users in
> /etc/passwd on a Unix domain member,
> you just make the AD user into Unix users by using the winbind 'ad'
> backend and ADDING a unique uidNumber attribute to the user and a
> gidNumber attribute to Domain Users, OR you can use the winbind 'rid'
> backend and you do not need to add anything to AD.
> It is all explained here:
I understand what you mean. and also know the explainations of wiki.
But, the question I met is as follow:
Local users which in /etc/passwd have same names in AD (this scenario is
for example, name is "testuser".
While access share directory, I must use"ENAS\testuser" to access share
unable to access directory using "testuser".
Although nss config is as follow:
passwd: files winbind
group: files winbind
I expect "testuser" in
/etc/passwd could access shared directory rather than "ENAS\testuser" in
when a name are both in /etc/passwd and AD.
Can you give me some advice?
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the