Can I login file server by using linux local user account when role=active directory domain controller ?

Rowland Penny repenny241155 at gmail.com
Thu Oct 17 04:55:28 MDT 2013


On 17/10/13 11:42, hyoscar wu wrote:
> Thanks for your answer.
>
> Both smb.conf's on the same machine.
> I stop standalone file server, remove smb.conf, run samba-tool domain 
> provision, add [TEST1] in new smb.conf and run samba.
>
> 2013/10/17 Rowland Penny <repenny241155 at gmail.com 
> <mailto:repenny241155 at gmail.com>>
>
>     On 17/10/13 11:28, hyoscar wu wrote:
>>     standalone smb.conf
>>     -----------------------------------------------------------------
>>     [global]
>>             passdb backend = smbpasswd
>>             workgroup = WORKGROUP
>>             security = user
>>             server string = NAS Server
>>             encrypt passwords = Yes
>>             smb passwd file = /etc/config/smbpasswd
>>             guest account = guest
>>             server role = STANDALONE
>>
>>     [TEST1]
>>             path = /share/test1
>>             read only = no
>>
>>     ADDC smb.conf
>>     -----------------------------------------------------------------
>>     [global]
>>             workgroup = AAA
>>             realm = aaa.bbb
>>             netbios name = NASC9E026
>>             server role = active directory domain controller
>>             dns forwarder = 10.8.2.11
>>
>>     [netlogon]
>>             path = /mnt/HDA_ROOT/samba/var/locks/sysvol/aaa.bbb/scripts
>>             read only = No
>>
>>     [sysvol]
>>             path = /mnt/HDA_ROOT/samba/var/locks/sysvol
>>             read only = No
>>
>>     [TEST1]
>>             path = /share/test1
>>             read only = no
>>     --------------------------------------------------------------------
>>
>>     Can samba4 use multiple backends when samba4 is an ADDC ?
>>
>>
>>
>>     2013/10/17 Rowland Penny <repenny241155 at gmail.com
>>     <mailto:repenny241155 at gmail.com>>
>>
>>         On 17/10/13 11:10, hyoscar wu wrote:
>>
>>             Sorry for my too simple description,
>>
>>             Before enabling samba4 ADDC, I run samba4 as a standalone
>>             file server and
>>             passdb backend=smbpasswd .
>>             I create the same accounts in /etc/passwd and smbpasswd file.
>>
>>             Can I login file server by using smbpasswd account (non
>>             domain account)
>>             when samba4 role = ADDC ?
>>
>>
>>
>>         Hi, if you have provisioned Samba 4 and it is now running as
>>         an Active Directory server, then no, you do not have local
>>         users, they all need to be domain users.
>>
>>         It might help if you posted your smb.conf
>>
>>         Rowland
>>
>>
>     Are both smb.conf's on the same machine ?
>
>     In answer to your question, Samba 4 can only use one backend. It
>     can be a domain controller (this will use the samba daemon, which
>     will start the smbd daemon). It can also be used in the same way as
>     Samba 3.x (this will use the smbd & nmbd daemons and optionally
>     the winbind daemon), but you cannot use them both at the same time.
>
>     Rowland
>
>
OK, as I said, you can only have one smb.conf and as you have run 
samba-tool provision, your samba server is now running as an Active 
Directory server and any Linux computers need to be joined to the 
domain, just as if they were Windows clients.

This usually means installing samba on the Linux clients, setting this 
up with 'security = ADS' in smb.conf on the client and then joining the 
machine to the domain, see here (it's a bit outdated, but will give you 
the idea):

https://wiki.samba.org/index.php/Samba_%26_Active_Directory

Rowland
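
Added example, not part of the original message or of the Samba project's documentation: a sketch of the client-side smb.conf for the setup described above, reusing the workgroup and realm from the quoted AD DC configuration. The file path, the idmap ranges and the template values are assumptions chosen for illustration.

```ini
# /etc/samba/smb.conf on a Linux client joining the AAA domain
# (constructed sketch; the path is the usual default and is assumed here)
[global]
    # Same domain identity as the quoted AD DC smb.conf
    workgroup = AAA
    realm = AAA.BBB
    # Authenticate against the domain instead of a local account file
    security = ADS

    # Standalone-era settings from the old smb.conf are not carried over:
    # accounts now live in the AD database, not in a local smbpasswd file.
    ;passdb backend = smbpasswd
    ;smb passwd file = /etc/config/smbpasswd

    # Map domain users and groups to Unix IDs via winbind.
    # The ranges are assumed sample values; choose ranges that do not
    # overlap the local accounts in /etc/passwd.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config AAA : backend = rid
    idmap config AAA : range = 10000-999999

    # Assumed values for domain users' shell and home directory
    template shell = /bin/bash
    template homedir = /home/%U

# After writing this file, join and verify from a root shell:
#   net ads join -U Administrator
#   net ads testjoin
```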



More information about the samba-technical mailing list