Web lists-archives.com

Re: [Samba] Local user could not access share directory




On Thu, 25 Jan 2018 08:24:42 +0800
Younger Liu <younger.liucn@xxxxxxxxx> wrote:

> 2018-01-22 17:16 GMT+08:00
> Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:
> >
> >
> >
> > I thought I already had, remove the duplicate users
> > from /etc/passwd, change to the
> > winbind 'rid' backend and your AD users will become Unix
> > users as well.
> > If you don't want the DOMAIN at the start of the username and you
> > only have one AD domain, add this to smb.conf:
> >
> > winbind use default domain = yes
> 
>   tks Rowland.
>   I have esolved this problem. add configurations:
>     winbind use default domain = no

That is the default setting, so you do not need to explicitly set it.
 
>     using winbind 'rid' backend
>   It would distinguishes two kinds of users. Domain users look likes
> "DOMAIN\username", and local users look likes "username". Although
> they have same username, their IDs are not different.

Yes, but are they actually the same users, i.e. is local Unix user
'fred' the same user as AD user 'fred' ?

If they are, then the AD user 'fred' will be denied access to files
owned by the local Unix user 'fred'.

You will also have two points of administration of users and groups.

This is not a good idea, especially if you consider that because you
are using the 'rid' backend, ALL your users are now Unix users.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba