Re: [Samba] Samba as AD controller and local auth




On 19/05/2019 09:27, David Puffer via samba wrote:
> Hello all,
>
> I have been breaking my head about this for several days now - what seems to be something “easy” to do (or at least I suppose others would also encounter this problem) simply does not work: I am running a Samba Active Directory Domain Controller on my Synology NAS.

How did you create the AD DC ?

Did you provision it ?

> Since I installed and set up the AD DC, local user authentication for shares is not working anymore.

Define 'local user authentication'

> Before: Simple Samba shares with authentication against local samba users -> worked

Sounds like it was a standalone server

> After: Only domain user authentication works.

Now here is the thing, it is now an AD DC, so any user that connects will need to be a Domain user.

> The global section of smb.conf:
>
> [global]
> 	include = /var/packages/ActiveDirectoryServer/conf/etc/smb.tls.conf
> 	printcap name = cups
> 	winbind enum groups = yes
> 	include = /var/tmp/nginx/smb.netbios.aliases.conf
> 	workgroup = <MYDOMAIN>
> 	server services = rpc,nbt,wrepl,ldap,cldap,kdc,drepl,ntp_signd,kcc,dnsupdate
> 	local master = no
> 	realm = <FQDN_IF_MYDOMAIN>
> 	netbios name = SYNOLOGY
> 	private dir = /var/packages/ActiveDirectoryServer/target/private
> 	server role = active directory domain controller
> 	printing = cups
> 	max protocol = SMB2
> 	winbind enum users = yes
> 	load printers = yes
> 	log level = 10

Why have you mangled your smb.conf, for instance, what is in 'smb.netbios.aliases.conf' ?

Are you aware that there is no network browsing with a Samba AD DC ?

Fix your smb.conf, understand that your users will now need to be stored in AD and you should get things to work.

Rowland
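
Added example, not part of the original thread and not Samba's own code: a small Python check that reads the [global] section of an smb.conf like the one quoted above, reports the configured server role and where that role looks for share users, and lists every include file so its contents can be reviewed. The sample input is constructed from the posted configuration; the function names and the role-to-account table are this example's own.

```python
import re

# Constructed sample: a trimmed copy of the [global] section quoted in this thread.
SAMPLE = """\
[global]
    include = /var/packages/ActiveDirectoryServer/conf/etc/smb.tls.conf
    include = /var/tmp/nginx/smb.netbios.aliases.conf
    workgroup = <MYDOMAIN>
    server role = active directory domain controller
    log level = 10
"""

# Where each server role looks up the accounts that may open a share.
ACCOUNT_SOURCE = {
    "standalone server": "local Samba user database (passdb)",
    "member server": "domain accounts, resolved through winbind",
    "active directory domain controller": "AD accounts stored on this DC",
}

def parse_global(text):
    """Return (params, includes) for [global]; every 'include' line is kept."""
    params, includes, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = "".join(key.lower().split())   # case and spaces in names are not significant
        if key == "include":
            includes.append(value)           # a plain dict would keep only the last one
        else:
            params[key] = value              # a later assignment overrides an earlier one
    return params, includes

def audit(text):
    params, includes = parse_global(text)
    role = " ".join(params.get("serverrole", "auto").lower().split())
    accounts = ACCOUNT_SOURCE.get(role, "depends on other settings")
    return {"role": role, "accounts": accounts, "includes_to_review": includes}

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```
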

