[Samba] Local user could not access share directory

Younger Liu younger.liucn at gmail.com
Fri Jan 19 09:49:42 UTC 2018

  I have some doubts. I have join samba server into AD domain whose
contoller is Windows Server 2008 R2 Standard.

Reference documents

/etc/samba/smb.conf looks like as follow:
workgroup = ENAS
server string = SmbSrvVers
log file = /var/log/samba/log.%m
map to guest = bad user
max log size = 50
encrypt passwords = yes
security = ADS
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
winbind use default domain = true
winbind offline logon = false
template shell = /bin/bash
template homedir = /home/%U
idmap config * : range = 3000-7999
idmap config ENAS: backend = ad
idmap config ENAS: schema = template
idmap config ENAS: range= 10000-99999
realm = ENAS.COM
netbios name = node0

passwd: files winbind
group: files winbind

>From wiki:
Keep the files entry as first source for both databases. This enables
NSS to look up domain users and groups from the /etc/passwd and
/etc/group files before querying the Winbind service.

But when I use the same user name in "passwd" as in the domain. local
user could not access share directory. domain user name(likes
"ENAS\testuser") could access the share directory
Why "files winbind" in nsswitch.conf does not play a role?

Best Regards!

More information about the samba mailing list