[Samba] Authenticating AD users and Local users

Paquin, Brian brian.paquin at yale.edu
Mon Feb 18 14:35:38 UTC 2019

Thank you for replying!
I can login with my Active Directory credentials, but I can’t login using the local CentOS “svc_dictations” account.
I created the local account usingusing “adduser”, “smbpasswd”, and then updating my smb.conf file (below).

Thank you,


   workgroup = YALE
   password server = ad1.yu.yale.edu<http://ad1.yu.yale.edu> ad2.yu.yale.edu<http://ad2.yu.yale.edu>
   realm = YU.YALE.EDU<http://YU.YALE.EDU>
   security = ads
   idmap config * : range = 16777216-33554431
   template shell = /sbin/nologin
   kerberos method = system keytab
   winbind use default domain = true
   winbind offline logon = true

idmap config YU:schema_mode = rfc2307
idmap config YU:range = 100000-199999
idmap config YU:backend = rid
idmap config * : range = 16777216-33554431
idmap * : backend = tbd
dedicated keytab file = /etc/krb5.keytab
log level = 4
guest account = nobody
guest ok = no
log file = /var/log/samba/log.%m

printing = cups
printcap name = cups
load printers = yes
cups options = raw
store dos attributes = yes
vfs objects = acl_xattr
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775

comment = testshare
path = /testshare
valid users = @pathology_its svc_dictations
writable = yes
read only = No

On Feb 16, 2019, at 3:33 AM, Rowland Penny via samba <samba at lists.samba.org<mailto:samba at lists.samba.org>> wrote:

On Fri, 15 Feb 2019 22:12:21 +0000
"Paquin, Brian via samba" <samba at lists.samba.org<mailto:samba at lists.samba.org>> wrote:

With a lot of help, I just got AD authentication working (Samba
4.8.3, CentOS 7.6, using Winbind). I then added a local account to a
share, but I can’t login. My smb.conf has “security = ads”, but I
can’t figure out how to use that AND authenticate local users.

How can I authenticate Active Directory AND local users?


How did you add the 'local' account to the share ?
Define 'login'

Please post your smb.conf (in the post, without commented lines)


To unsubscribe from this list go to the following URL and read the
instructions:  https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=02%7C01%7Cbrian.paquin%40yale.edu%7C5c6090ca9ebe4cc7add208d693e97e9d%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636859028488910148&sdata=DnOCiIjUYJNCwv%2BKuKSUf4KHnjErBOL%2BlLTeQdyIDPU%3D&reserved=0

[Yale Pathology Logo]
Brian Paquin
Help Desk Support Yale Pathology ITS
310 Cedar St. BML B50
New Haven, CT 06520

More information about the samba mailing list