[Samba] User mapping/login issue
Rowland Penny
rpenny at samba.org
Thu Apr 25 08:51:33 UTC 2019
On Thu, 25 Apr 2019 16:04:18 +0930
Stephen Davies via samba <samba at lists.samba.org> wrote:
> It would appear that there may be more than one issue with my
> smb.conf. The scenario is a Centos 7 Linux server with a bunch of LAN
> connected windows 10 clients and several remote windows 10 clients
> which connect via VPN. The server firewall accepts everything from
> the VPN. The server and local clients are all in workgroup BENPARTS
> while the remote clients are either stand-alone or in different
> workgroups/domains. Local SMB access works as expected but remote
> access does not due to password failures (as described in earlier log
> excerpts). What should the domain-related entries in smb.conf be to
> support this scenario? Cheers and thanks,
> Stephen
>
It sounds like you are trying to run a workgroup, but your smb.conf is
set up as a PDC, can I suggest you try this smb.conf:
[global]
workgroup = BENPARTS
server string = Samba Server %v
printcap name = cups
load printers = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
log level = 4
map to guest = Bad User
security = user
username level = 8
unix password sync = yes
name resolve order = host lmhosts wins bcast
# only turn the next line on if it isn't on any other Samba machine
#wins support = yes
unix charset = ISO8859-1
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
read only = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r
[print$]
path = /var/lib/samba/printers
write list = @adm root
guest ok = yes
[pdf-generator]
path = /var/tmp
printable = Yes
comment = PDF Generator (only valid users)
print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I &
[pdf-screen]
copy = pdf-generator
comment = PDF Generator - Screen quality (only valid users)
print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "" %S &
[pdf-printer]
copy = pdf-generator
comment = PDF Generator - Print quality (only valid users)
print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "" %S &
[pdf-prepress]
copy = pdf-generator
comment = PDF Generator - PrePress quality (only valid users)
print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "" %S &
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
guest ok = yes
[var]
comment = General shared storage
path = /var
read only = no
guest ok = yes
That will turn it into a standalone server, but if you want
authenticated users to connect to the shares, they must exist on the
Samba machine with the same password as on the Windows machine. Any
unknown users will be silently mapped to the guest user 'nobody' and
allowed access to any shares where 'guest ok = yes' is set.
Rowland
More information about the samba
mailing list