[Samba] the relationship between AD domain users and local users

Younger Liu younger.liucn at gmail.com
Mon Jan 15 06:29:55 UTC 2018

I have some doubts. I have an AD server and joined the Samba server to AD.
The configuration looks as follows:
workgroup = ENAS
server string = SmbSrvVers
log file = /var/log/samba/log.%m
map to guest = bad user
max log size = 50
encrypt passwords = yes
security = domain
idmap config * : range = 16777216-33554431
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
winbind use default domain = true
winbind offline logon = false
template shell = /bin/bash
template homedir = /home/%U
realm = ENAS.COM
netbios name = node0

NSS config:
passwd: files winbind sss
shadow: files winbind sss
group: files winbind sss

1. Create a local Samba user "testuser";
2. Create an AD user with the same name, "testuser";
3. Add "testuser" to the read list of one Samba share.

On the client side, I only access the Samba share with the AD user, rather than
the local user. Why?

How can I use the local user to access the Samba share?

Best Regards!
