[Samba] When ad domain machine shutdown, samba can not auth with unix local user

Rowland Penny rpenny at samba.org
Thu Mar 7 11:31:28 UTC 2019


On Thu, 7 Mar 2019 18:58:41 +0800
谷雷 <guleicarter at gmail.com> wrote:

> Hi,
> 
> My smb.conf is as below; my AD domain name is HIKAD1.
> 
> [global]
>    browseable = no
>    guest ok = no
>    security = ADS
>    map to guest = bad user
>    # disable printers
>    load printers = no
>    printing = bsd
>    printcap name = /dev/null
>    disable spoolss = yes
>    encrypt passwords = yes
>    winbind enum groups = yes
>    winbind enum users = yes
>    #acl check permissions = no
>    #acl map full control = no
>    create mask = 0775
>    force create mode = 0775
>    winbind use default domain = no
>    winbind offline logon = false
>    winbind nss info = template
>    winbind cache time = 60
>    template shell = /sbin/nologin
>    template homedir = /var/naslocalhome
>    idmap config * : backend = tdb
>    idmap config * : range = 3000-7999
>    idmap config HIKAD1 : backend = rid
>    idmap config HIKAD1 : range = 100000-999999
>    realm = HIKAD1.COM
>    workgroup = HIKAD1
>    netbios name = numb2
> 
> [gltest]
>    comment = 
>    path = /hdcfs/gltest
>    public = no
>    writable = no
>    valid users = "HIKAD1\aduser",gluser
>    write list = "HIKAD1\aduser",gluser
>    directory mask = 0755

Try changing 'winbind offline logon = false' to 'winbind offline
logon = yes'

This will cache your logon credentials.

I also hope by 'unix local user' that you mean an AD user that has
become a local user via Samba and not a user that exists in /etc/passwd.

Rowland


