[Samba] How to Samba share with mixed Active Directory 'Classic' authentication

Luke Barone lukebarone at gmail.com
Sat Nov 10 03:46:18 UTC 2018


Uhhh, what is wrong with how Active Directory is running? I have plenty of
machines that are and are not attached to various NT-style and AD-style
domains, hosted by Samba, and I can access the files I want.

On Fri, Nov 9, 2018 at 7:35 PM Mark Foley via samba <samba at lists.samba.org>
wrote:

> I have a Samba4 AD Domain with one of the file servers as a domain member.
> This file server hosts the main network shares for the domain. Currently,
> Windows users mapping this share are authenticated using their AD domain
> credentials. That all works just fine.
>
> What I want to do now is ALSO allow a user on a network host which IS NOT
> a domain member, and the user is not a domain user, to also map/mount this
> share, possibly via the "Classic" 'security = user' mechanism. Can this be
> done? That is, can both mechanisms be accommodated somehow?
>
> THX --Mark
>
> Below is the current smb.conf with 'security = ADS' and various idmaps.
>
> [global]
> netbios name = OHPRSSTORAGE
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
> #   workgroup = WORKGROUP
>
> # server string is the equivalent of the NT Description field
>    server string = HPRS NAS server
>
> domain master = no
> prefered master = no
>
> realm = HPRS.LOCAL
> workgroup = HPRS
> usershare allow guests = Yes
> usershare max shares = 10
> security = ADS
> template shell = /bin/bash
>
> max log size = 10000
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config HPRS:backend = ad
> idmap config HPRS:schema_mode = rfc2307
> idmap config HPRS:range = 10000-10099
>
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind nss info = rfc2307
> winbind offline logon = Yes
> winbind refresh tickets = Yes
> winbind use default domain = Yes
>
> [public]
> comment = OHPRS main file and document repository
> path = /mnt/RAID/public
>
> # for the following settings see: https://www.samba.org/samba/docs/using_samba/ch08.html
> hide dot files = yes
> # set o+x to mark a file as hidden (doesn't work for folders)
> map hidden = yes
> # User's outlook .pst files are in a folder named "outlook"
> hide files = /Outlook/outlook/~*/
>
> # locking: https://www.samba.org/samba/docs/using_samba/ch08.html
> veto oplock files = /OfficeCalendar.pst/
>
> inherit acls = yes
> valid users = @"domain users"
>
> # guest ok = yes
> # guest only = yes
>
> locking = yes
> public = yes
> writeable = yes
> browseable= yes
> printable = no
> create mask = 0660
> force user = ohprso
> force group = ohprs
> force create mode = 0660
> directory mask = 2771
>