Web lists-archives.com

Re: [Samba] Samba as AD controller and local auth

On 19/05/2019 09:27, David Puffer via samba wrote:
Hello all,

I have been breaking my head about this for several days now - what seems to be something “easy” to do (or at least I suppose others would also encounter this problem) simply does not work: I am running a Samba Active Directory Domain Controller on my Synology NAS.

How did you create the AD DC ?

Did you provision it ?

Since I installed and set up the AD DC, local user authentication for shares is not working anymore.
Define 'local user authentication'

Before: Simple Samba shares with authentication against local samba users -> worked
Sounds like it was a standalone server
After: Only domain user authentication works.
Now here is the thing, it is now an AD DC, so any user that connects will need to be a Domain user.

The global section of smb.conf:

	include = /var/packages/ActiveDirectoryServer/conf/etc/smb.tls.conf
	printcap name = cups
	winbind enum groups = yes
	include = /var/tmp/nginx/smb.netbios.aliases.conf
	workgroup = <MYDOMAIN>
	server services = rpc,nbt,wrepl,ldap,cldap,kdc,drepl,ntp_signd,kcc,dnsupdate
	local master = no
	netbios name = SYNOLOGY
	private dir = /var/packages/ActiveDirectoryServer/target/private
	server role = active directory domain controller
	printing = cups
	max protocol = SMB2
	winbind enum users = yes
	load printers = yes
	log level = 10

Why have you mangled your smb.conf, for instance, what is in 'smb.netbios.aliases.conf' ?

Are you aware that there is no network browsing with a Samba AD DC ?

Fix your smb.conf, understand that your users will now need to be stored in AD and you should get things to work.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba