[Samba] Authenticating Samba Share with Domain Administrator
Mark Foley
mfoley at ohprs.org
Wed Aug 21 21:47:45 UTC 2019
I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
shared directories just fine without having to enter Credentials. If I try doing that with the
domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an
"OK" status with ntlm_auth using the administrator credentials. I cannot 'su -' to the
administrator account on the NAS, nor can I do so on the AD/DC. On the latter I get
"Authentication Failure".
On the NAS, a getent for a normal user gives:
# getent passwd mark
mark:*:10001:10000:Mark Foley:/home/HPRS/mark:/bin/bash
I cannot getent for the administrator on the NAS (comes back blank), but I can do so on the AD/DC:
getent passwd Administrator
HPRS\administrator:*:0:10000:Administrator:/home/HPRS/administrator:/bin/bash
Is there some setting in the NAS smb.conf that will fix this?
Here is my smb.conf on the NAS:
# Global parameters
[global]
netbios name = OHPRSSTORAGE
server string = HPRS NAS server
domain master = no
prefered master = no
realm = HPRS.LOCAL
workgroup = HPRS
usershare allow guests = Yes
usershare max shares = 10
security = ADS
template shell = /bin/bash
max log size = 10000
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config HPRS:backend = ad
idmap config HPRS:schema_mode = rfc2307
idmap config HPRS:range = 10000-10099
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
[Backups]
comment = HPRS domain current backup respository
path = /mnt/RAID/Backups
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
force user = ohprso
force group = ohprs
create mask = 0660
directory mask = 2771
More information about the samba
mailing list