
Re: [Samba] Local user could not access share directory




2018-01-20 17:40 GMT+08:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Sat, 20 Jan 2018 17:22:32 +0800
> Younger Liu <younger.liucn@xxxxxxxxx> wrote:
>
> > 2018-01-19 18:11 GMT+08:00 Rowland Penny via samba
> > > You are using the winbind 'ad' backend, have you added anything to
> > > the user's AD object (a uidNumber attribute for instance)?
> > >
> > > You also seem to be saying that you have users with the same name
> > > in /etc/passwd and AD, this is NOT allowed, the user should only be
> > > in AD.
> >
> > Yes, the local users in /etc/passwd have the same names as in the
> > domain.
> >
> > I do not add anything to the user's AD object.
> > If local users are not the same as AD users, they could access the share
> > directory.
> >
> > Only local users in /etc/passwd which have the same names in AD (such
> > as: testuser) could not access the share directory, but AD
> > users (such as: ENAS\testuser) could access the share directory. Why?
> >
> > As you say, the same name in /etc/passwd and AD is not allowed. Why?
>
> Because the local user will always be found first and the AD user
> ignored. You do not need users in /etc/passwd on a Unix domain member,
> you just make the AD user into Unix users by using the winbind 'ad'
> backend and ADDING a unique uidNumber attribute to the user and a
> gidNumber attribute to Domain Users, OR you can use the winbind 'rid'
> backend and you do not need to add anything to AD.
>
> It is all explained here:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member


I understand what you mean, and I also know the explanations in the wiki.
But the question I met is as follows:
   Local users in /etc/passwd have the same names as in AD (this scenario is
possible), for example, the name "testuser".
   When accessing the share directory, I must use "ENAS\testuser" to access
the share directory; I am unable to access the directory using "testuser",
although the nss config is as follows:
...
passwd: files winbind
group: files winbind
...

   I expect "testuser" in /etc/passwd to be able to access the shared
directory rather than "ENAS\testuser" in AD, when a name is in both
/etc/passwd and AD.

  Can you give me some advice?



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
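
The name collision discussed in this thread (a bare name such as "testuser" present in both /etc/passwd and AD, with "passwd: files winbind") can be checked for on a domain member. The script below is an added example, not code from the thread or from the Samba project; it assumes the two input lists were saved from `getent -s files passwd` and `wbinfo -u`, and its function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find AD accounts hidden by same-named local accounts when
# nsswitch.conf says "passwd: files winbind". Function names are hypothetical.
export LC_ALL=C

# local_names FILE: login names from a passwd-format file.
local_names() {
    awk -F: '!/^#/ && NF >= 7 && $1 != "" { print $1 }' "$1" | sort -u
}

# domain_names FILE: bare names from a "wbinfo -u" style list, dropping any
# DOMAIN\ prefix (assumes the default winbind separator, a backslash).
domain_names() {
    sed -e 's/^.*\\//' -e '/^$/d' "$1" | sort -u
}

# shadowed_users PASSWD_FILE DOMAIN_FILE: names present in both sources.
shadowed_users() {
    _l=$(mktemp) && _d=$(mktemp) || return 1
    local_names "$1" > "$_l"
    domain_names "$2" > "$_d"
    comm -12 "$_l" "$_d"
    rm -f "$_l" "$_d"
}

# resolve_source NAME PASSWD DOMAIN: source that answers a bare name first.
resolve_source() {
    if local_names "$2" | grep -qxF -- "$1"; then echo files
    elif domain_names "$3" | grep -qxF -- "$1"; then echo winbind
    else echo none
    fi
}

# Constructed sample data, not taken from the thread's systems.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser:x:1001:1001::/home/testuser:/bin/bash
EOF
cat > "$SAMPLE/wbinfo-u" <<'EOF'
ENAS\administrator
ENAS\testuser
ENAS\alice
EOF

echo "Domain accounts shadowed by a local account:"
shadowed_users "$SAMPLE/passwd" "$SAMPLE/wbinfo-u"
echo "testuser resolves from: $(resolve_source testuser "$SAMPLE/passwd" "$SAMPLE/wbinfo-u")"
```

Any name this prints is one where the bare login resolves to the local account and the domain account is reachable only by its qualified DOMAIN\name form.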