[Samba] Local user could not access share directory

Rowland Penny rpenny at samba.org
Thu Jan 25 09:26:45 UTC 2018

On Thu, 25 Jan 2018 08:24:42 +0800
Younger Liu <younger.liucn at gmail.com> wrote:

> 2018-01-22 17:16 GMT+08:00
> Rowland Penny via samba <samba at lists.samba.org>:
> >
> >
> >
> > I thought I already had, remove the duplicate users
> > from /etc/passwd, change to the
> > winbind 'rid' backend and your AD users will become Unix
> > users as well.
> > If you don't want the DOMAIN at the start of the username and you
> > only have one AD domain, add this to smb.conf:
> >
> > winbind use default domain = yes
>   tks Rowland.
>   I have esolved this problem. add configurations:
>     winbind use default domain = no

That is the default setting, so you do not need to explicitly set it.
>     using winbind 'rid' backend
>   It would distinguishes two kinds of users. Domain users look likes
> "DOMAIN\username", and local users look likes "username". Although
> they have same username, their IDs are not different.

Yes, but are they actually the same users, i.e. is local Unix user
'fred' the same user as AD user 'fred' ?

If they are, then the AD user 'fred' will be denied access to files
owned by the local Unix user 'fred'.

You will also have two points of administration of users and groups.

This is not a good idea, especially if you consider that because you
are using the 'rid' backend, ALL your users are now Unix users.


More information about the samba mailing list