[Samba] username map with “security = ads”
Rowland Penny
rpenny at samba.org
Thu May 2 13:04:14 UTC 2019
On Thu, 2 May 2019 14:27:32 +0200
Philipp Gesang <philipp.gesang at intra2net.com> wrote:
> with
>
> server role = member server
> security = user
The 'security = user' overrides the 'server role = member server'
It is a 'standalone server'
What is more, unless you have changed the workgroup, you now have a
'workgroup' and a 'domain' with the same name.
>
> I can logon with smbclient as local user using username%password.
Well, yes, you would be able to, because it is a standalone server.
> With
>
> server role = member server
> security = ads
>
> and all other things being equal, I can’t (“session setup failed:
> NT_STATUS_NO_LOGON_SERVERS”). This is from a client without any
> domain awareness whatsoever.
Just adding 'security = ads' doesn't make a computer a domain member,
you have to join it to the domain and if it isn't a domain member, it
wouldn't be able to find the DC.
> > Whilst you do not want to put your local users into AD, this might
> > be your easiest and best way out of your problem. Create an AD
> > group and add all your 'local unix users' to this group, then only
> > allow access to the Samba shares to members of this group.
>
> Wouldn’t that also imply that accesses need to authenticate
> against AD?
Yes, but why would this be a problem ?
Rowland
More information about the samba
mailing list