[Samba] Local user could not access share directory

Rowland Penny rpenny at samba.org
Sat Jan 20 09:40:39 UTC 2018


On Sat, 20 Jan 2018 17:22:32 +0800
Younger Liu <younger.liucn at gmail.com> wrote:

> 2018-01-19 18:11 GMT+08:00 Rowland Penny via samba
> > You are using the winbind 'ad' backend, have you added anything to
> > the users AD object (a uidNumber attribute for instance)?
> >
> > You also seem to be saying that you have users with the same name
> > in /etc/passwd and AD, this is NOT allowed, the user should only be
> > in AD.
> 
> Yes, the local users in /etc/passwd have the same name as in the
> domain.
> 
> I do not add anything to users AD object.
> If local users are not the same as AD users, they could access the share
> directory.
> 
> Only local users in /etc/passwd which have the same names in AD
> (such as: testuser) could not access the share directory, but AD
> users (such as: ENAS\testuser) could access the share directory. Why?
> 
> As you say, the same name in /etc/passwd and AD is not allowed. Why?

Because the local user will always be found first and the AD user
ignored. You do not need users in /etc/passwd on a Unix domain member,
you just make the AD user into Unix users by using the winbind 'ad'
backend and ADDING a unique uidNumber attribute to the user and a
gidNumber attribute to Domain Users, OR you can use the winbind 'rid'
backend and you do not need to add anything to AD.

It is all explained here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland
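
The name clash discussed in this message, where a local /etc/passwd entry is found first and the AD user of the same name is ignored, can be checked for on a domain member. The script below is an added example, not part of the original message: `find_shadowed_users` is a hypothetical helper that compares a saved `wbinfo -u` listing with a passwd-format file. The sample names are constructed, and the default `\` winbind separator is assumed.

```shell
#!/bin/sh
# Added example: list local account names that also exist in the domain.
# Usage on a domain member (assumes the default '\' winbind separator):
#   wbinfo -u > domain_users.txt
#   find_shadowed_users domain_users.txt /etc/passwd

find_shadowed_users() {
    # $1: domain user list, one per line, "user" or "DOMAIN\user"
    # $2: passwd-format file
    awk -F: '
        NR == FNR {                          # first file: domain names
            name = $0
            sub(/[ \t\r]+$/, "", name)       # trailing blanks / CR
            sub(/^.*\\/, "", name)           # drop "DOMAIN\" prefix
            if (name != "") domain[tolower(name)] = 1
            next
        }
        /^[#+-]/ || $1 == "" { next }        # comments, NIS compat lines
        (tolower($1) in domain) { print $1 } # AD names are case-insensitive
    ' "$1" "$2" | sort -u
}

# Constructed sample data (not taken from a real system).
demo_shadowed_users() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'ENAS\administrator' 'ENAS\testuser' 'ENAS\Alice' > "$dir/domain"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/sh' \
        'testuser:x:1001:1001::/home/testuser:/bin/sh' \
        'alice:x:1002:1002::/home/alice:/bin/sh' \
        'backup:x:34:34::/var/backups:/usr/sbin/nologin' > "$dir/passwd"
    find_shadowed_users "$dir/domain" "$dir/passwd"
    rm -rf "$dir"
}

demo_shadowed_users
```

Every name it prints is a local account that would be found ahead of the domain account of the same name.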
 


