[Samba] How to Samba share with mixed Active Directory 'Classic' authentication

Mark Foley mfoley at ohprs.org
Sun Nov 11 03:49:46 UTC 2018


I too have a dozen Windows and 3 Linux computers connected to the AD domain. I'm wanting to
connect a device that does not support AD, but it does do Samba Classic and I want it to be
able to access a share on the Samba-server domain member which currently uses AD authentication
only, per my listed smb.conf.

--Mark

-----Original Message-----
> On Fri, 9 Nov 2018 19:46:18 -0800 From: Luke Barone wrote:
>
> On Fri, Nov 9, 2018 at 7:35 PM Mark Foley via samba <samba at lists.samba.org>
> wrote:
>
> > I have a Samba4 AD Domain with one of the file servers as a domain member.
> > This file server hosts the main network shares for the domain. Currently,
> > Windows users mapping this share are authenticated using their AD domain
> > credentials. That all works just fine.
> >
> > What I want to do now is ALSO allow a user on a network host which IS NOT
> > a domain member, and the user is not in domain users, to also map/mount
> > this share, possibly via the "Classic" 'security = user' mechanism. Can
> > this be done? That is, can both mechanisms be accommodated somehow?
> >
> > THX --Mark
> >
> > Below is the current smb.conf with 'security = ADS' and various idmaps.
> >
> > [global]
> > netbios name = OHPRSSTORAGE
> >
> > # workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
> > #   workgroup = WORKGROUP
> >
> > # server string is the equivalent of the NT Description field
> >    server string = HPRS NAS server
> >
> > domain master = no
> > prefered master = no
> >
> > realm = HPRS.LOCAL
> > workgroup = HPRS
> > usershare allow guests = Yes
> > usershare max shares = 10
> > security = ADS
> > template shell = /bin/bash
> >
> > max log size = 10000
> >
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> > idmap config HPRS:backend = ad
> > idmap config HPRS:schema_mode = rfc2307
> > idmap config HPRS:range = 10000-10099
> >
> > winbind enum groups = Yes
> > winbind enum users = Yes
> > winbind nss info = rfc2307
> > winbind offline logon = Yes
> > winbind refresh tickets = Yes
> > winbind use default domain = Yes
> >
> > [public]
> > comment = OHPRS main file and document repository
> > path = /mnt/RAID/public
> >
> > # for the following settings see: https://www.samba.org/samba/docs/using_samba/ch08.html
> > hide dot files = yes
> > # set o+x to mark a file as hidden (doesn't work for folders)
> > map hidden = yes
> > # User's outlook .pst files are in a folder named "outlook"
> > hide files = /Outlook/outlook/~*/
> >
> > # locking: https://www.samba.org/samba/docs/using_samba/ch08.html
> > veto oplock files = /OfficeCalendar.pst/
> >
> > inherit acls = yes
> > valid users = @"domain users"
> >
> > # guest ok = yes
> > # guest only = yes
> >
> > locking = yes
> > public = yes
> > writeable = yes
> > browseable= yes
> > printable = no
> > create mask = 0660
> > force user = ohprso
> > force group = ohprs
> > force create mode = 0660
> > directory mask = 2771
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >


