[Samba] How to Samba share with mixed Active Directory 'Classic' authentication

Mark Foley mfoley at ohprs.org
Sat Nov 10 03:07:32 UTC 2018


I have a Samba4 AD Domain with one of the file servers as a domain member. This file server
hosts the main network shares for the domain. Currently, Windows users mapping this share are
authenticated using their AD domain credentials. That all works just fine.

What I want to do now is ALSO allow a user who IS NOT a domain user, on a network host which
IS NOT a domain member, to map/mount this share, possibly via the "Classic"
'security = user' mechanism. Can this be done? That is, can both mechanisms be accommodated somehow?

THX --Mark

Below is the current smb.conf with 'security = ADS' and various idmaps.

[global]
# Server-wide settings for a file server joined to the HPRS AD domain as a member.
netbios name = OHPRSSTORAGE

# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
#   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = HPRS NAS server

# Neither domain master browser nor preferred in browse elections.
# "prefered master" is an accepted synonym of "preferred master".
domain master = no
prefered master = no

# Kerberos realm and short (NetBIOS) name of the AD domain.
realm = HPRS.LOCAL
workgroup = HPRS
# NOTE(review): a non-zero "usershare max shares" enables user-defined shares,
# and "usershare allow guests" lets those shares be opened without
# authentication. Confirm both are wanted on the main file server.
usershare allow guests = Yes
usershare max shares = 10
# Domain-member mode. "security" is a single [global] parameter, so this file
# cannot select ADS and user at the same time.
security = ADS
# NOTE(review): presumably the login shell winbind reports for domain users;
# confirm domain users are meant to get a shell on this host.
template shell = /bin/bash

# Size at which the log file is rotated, in kilobytes.
max log size = 10000

# Printing is switched off: no printers are loaded, the printcap is empty and
# the spoolss RPC service is disabled.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
                
# ID mapping. The default domain (*) allocates IDs 2000-9999 from a local tdb.
# The HPRS domain reads uidNumber/gidNumber from AD (rfc2307 schema).
# NOTE(review): the HPRS range is only 100 IDs wide; AD accounts and groups
# whose uidNumber/gidNumber lies outside 10000-10099 are not mapped. Confirm
# the range covers every account that must reach the share.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config HPRS:backend = ad
idmap config HPRS:schema_mode = rfc2307
idmap config HPRS:range = 10000-10099

# Winbind behaviour for domain accounts.
# NOTE(review): "winbind offline logon" allows logons from cached credentials,
# so credential material is kept on this host; confirm that is required here.
# NOTE(review): with "winbind use default domain", domain users appear without
# a domain prefix, so a local account with the same name as a domain account
# becomes ambiguous. Check for collisions before adding local users.
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes

[public]
# Main document share. Access is limited by "valid users" below, and all file
# access runs as one forced Unix account.
comment = OHPRS main file and document repository
path = /mnt/RAID/public

# for the following settings see: https://www.samba.org/samba/docs/using_samba/ch08.html
hide dot files = yes
# set o+x to mark a file as hidden (doesn't work for folders)
# NOTE(review): "map hidden" stores the hidden attribute in the world-execute
# bit, and "create mask = 0660" below masks that bit out. Confirm the hidden
# attribute actually persists on files in this share.
map hidden = yes
# User's outlook .pst files are in a folder named "outlook"
hide files = /Outlook/outlook/~*/

# locking: https://www.samba.org/samba/docs/using_samba/ch08.html
veto oplock files = /OfficeCalendar.pst/

inherit acls = yes
# Only members of the AD group "domain users" may connect. An account outside
# that group is refused at this line, whatever authenticated it.
valid users = @"domain users"

# guest ok = yes
# guest only = yes

locking = yes
# NOTE(review): "public" is a synonym of "guest ok", so this line sets the
# option that is commented out above. Confirm whether guest access is
# intended; if not, this line should go rather than rely on "valid users".
public = yes
writeable = yes
browseable= yes
printable = no
# New files are limited to rw for owner and group (0660), and "force create
# mode" sets those same bits on every new file.
create mask = 0660
# Every connection acts on disk as ohprso:ohprs, whoever authenticated.
# Per-user ownership is therefore not recorded in the filesystem, and access
# control for this share rests on "valid users" above.
force user = ohprso
force group = ohprs
force create mode = 0660
# Mask for new directories: permits setgid, rwx for owner and group, and
# traverse-only (x) for others.
directory mask = 2771



