[Samba] Authenticating Samba Share with Domain Administrator

Mark Foley mfoley at ohprs.org
Wed Aug 21 21:47:45 UTC 2019

I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
shared directories just fine without having to enter credentials. If I try doing that with the
domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an
"OK" status with ntlm_auth using the administrator credentials. I cannot 'su -' to the
administrator account on the NAS, nor can I do so on the AD/DC. On the latter I get
"Authentication Failure".

On the NAS, a getent for a normal user gives:

# getent passwd mark
mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/bash

I cannot getent for the administrator on the NAS (comes back blank), but I can do so on the AD/DC:

getent passwd Administrator

Is there some setting in the NAS smb.conf that will fix this?

Here is my smb.conf on the NAS:

# Global parameters
netbios name = OHPRSSTORAGE

server string = HPRS NAS server

domain master = no
prefered master = no

realm = HPRS.LOCAL
workgroup = HPRS
usershare allow guests = Yes
usershare max shares = 10
security = ADS
template shell = /bin/bash

max log size = 10000

load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config HPRS:backend = ad
idmap config HPRS:schema_mode = rfc2307
idmap config HPRS:range = 10000-10099

winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes

comment = HPRS domain current backup respository
path = /mnt/RAID/Backups
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
force user = ohprso
force group = ohprs
create mask = 0660
directory mask = 2771
