[Samba] User mapping/login issue

Rowland Penny rpenny at samba.org
Thu Apr 25 08:51:33 UTC 2019 

On Thu, 25 Apr 2019 16:04:18 +0930
Stephen Davies via samba <samba at lists.samba.org> wrote:

> It would appear that there may be more than one issue with my
> smb.conf. The scenario is a Centos 7 Linux server with a bunch of LAN
> connected windows 10 clients and several remote windows 10 clients
> which connect via VPN. The server firewall accepts everything from
> the VPN. The server and local clients are all in workgroup BENPARTS
> while the remote clients are either stand-alone or in different
> workgroups/domains. Local SMB access works as expected but remote
> access does not due to password failures (as described in earlier log
> excerpts). What should the domain-related entries in smb.conf be to
> support this scenario? Cheers and thanks,
> Stephen
> 

It sounds like you are trying to run a workgroup, but your smb.conf is
set up as a PDC, can I suggest you try this smb.conf:

[global]
     workgroup = BENPARTS
     server string = Samba Server %v
     printcap name = cups
     load printers = yes
     printing = cups
     log file = /var/log/samba/log.%m
     max log size = 50
     log level = 4
     map to guest = Bad User
     security = user
     username level = 8
     unix password sync = yes
     name resolve order = host lmhosts wins bcast
     # only turn the next line on if it isn't on any other Samba machine
     #wins support = yes
     unix charset = ISO8859-1

#============================ Share Definitions ==============================
[homes]
     comment = Home Directories
     browseable = no
     read only = no

[printers]
     comment = All Printers
     path = /var/spool/samba
     browseable = no
     guest ok = yes
     printable = yes
     create mode = 0700
     print command = lpr-cups -P %p -o raw %s -r

[print$]
     path = /var/lib/samba/printers
     write list = @adm root
     guest ok = yes

[pdf-generator]
     path = /var/tmp
     printable = Yes
     comment = PDF Generator (only valid users)
     print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I &

[pdf-screen]
     copy = pdf-generator
     comment = PDF Generator - Screen quality (only valid users)
     print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "" %S &

[pdf-printer]
     copy = pdf-generator
     comment = PDF Generator - Print quality (only valid users)
     print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "" %S &

[pdf-prepress]
     copy = pdf-generator
     comment = PDF Generator - PrePress quality (only valid users)
     print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "" %S &

# This one is useful for people to share files
[tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    guest ok = yes


[var]
     comment = General shared storage
     path = /var
     read only = no
     guest ok = yes

That will turn it into a standalone server, but if you want
authenticated users to connect to the shares, they must exist on the
Samba machine with the same password as on the Windows machine. Any
unknown users will be silently mapped to the guest user 'nobody' and
allowed access to any shares where 'guest ok = yes' is set.

Rowland

More information about the samba mailing list