[Samba] Share cannot be accessed when samba is in Domain with security enabled
Rowland Penny
rpenny at samba.org
Mon Sep 24 08:57:55 UTC 2018
On Mon, 24 Sep 2018 13:44:29 +0530
Shivappa <ssangapur3 at gmail.com> wrote:
> Rowland,
>
> Thanks for ur suggestions.
> I have used “map to guest=never” and I no longer getting that
> original error.
>
> Do you guess any other issues I may face with keeping stand-alone
> server and above parameter.
>
> So far it is working fine for me in Domain environment.
If that is all you have changed, then I am surprised.
If you just want a standalone server without users, then I would expect
your smb.conf to look similar to this:
[global]
workgroup = NOTSAMBADFS
security = user
server string = SMB Standalone Server
log level = 1
max log size = 2000
max smbd processes = 100
dns proxy = no
guest only = yes
map to guest = Bad User
ntlm auth = yes
deadtime = 60
dos charset = CP932
#my share
[SHIVA_SHARE]
path = /etc/test
guest ok = yes
The computer must not be joined to the domain and you would not create
any users on the standalone server and winbind doesn't need to run.
If however you want Domain users to log into the computer, it will need
to be a domain member and the smb.conf will need to be similar to this:
[global]
workgroup = SAMBADFS
security = ADS
server string = SMB ADS Server
realm = SAMBADFS.LOCAL
log level = 1
max log size = 2000
max smbd processes = 100
ntlm auth = yes
deadtime = 60
dos charset = CP932
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config SAMBADFS : backend = rid
idmap config SAMBADFS : range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
#my share
[SHIVA_SHARE]
path = /etc/test
The computer will need to be joined to the domain, the users will come
from AD and winbind must be running.
I would also suggest you read 'man smb.conf', most of your smb.conf
lines were defaults (as is 'map to guest = yes')
Rowland
More information about the samba
mailing list