[Samba] to shares access from non-member clients/nodes

Rowland penny rpenny at samba.org
Fri Aug 30 18:34:34 UTC 2019


On 30/08/2019 19:13, lejeczek via samba wrote:
>
> On 30/08/2019 17:25, Rowland penny via samba wrote:
>> On 30/08/2019 17:12, lejeczek via samba wrote:
>>> hi guys,
>>>
>>> with Samba as below
>>>
>>> [global]
>>>       workgroup = NNNR
>>>       netbios name = PA2
>>>       realm = PRIVATE.REALM.MINE
>>>       kerberos method = dedicated keytab
>>>       dedicated keytab file = /etc/samba/samba.keytab
>>>       create krb5 conf = no
>>>       security = user
>>>       domain master = yes
>>>       domain logons = yes
>>>
>>> Should nodes/clients outside of domain (non-members) be
>>> able to access
>>> (with user+pass) Samba shares?
>>>
>>> many thanks, L.
>>>
>>>
>> 99% of that smb.conf is for a Unix Domain member, but
>> 'security = user' should be 'security = ADS' and it
>> wouldn't be a PDC (domain master = yes) because it is
>> using kerberos.
>>
>> There are also no auth lines that are required for a Unix
>> domain member.
>>
>> To put it another way, that is a borked smb.conf.
>>
>> If you just want a standalone server, see here:
>>
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>>
>>
>> If you want something else, please explain just what you
>> are trying to achieve.
>>
>> Rowland
>>
>>
> Yes, it's a unix domain for it's a "regular" FreeIPA's
> Samba. Out of box this, I think, only does windows when
> trusted to an AD and from there, from/via AD win clients work.
> But I was hoping that outside of kerberos/domain clients (win
> 10), perhaps with user+pass could be mangled into such
> FreeIPA's Samba.
> many thanks, L.
>

I think you need to think the other way, how to use Samba with FreeIPA, 
which I haven't got a clue about, but here is a starting point:

https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA

Rowland



