[Samba] Samba as AD controller and local auth
Rowland penny
rpenny at samba.org
Sun May 19 08:59:36 UTC 2019
On 19/05/2019 09:27, David Puffer via samba wrote:
> Hello all,
>
> I have been breaking my head about this for several days now - what seems to be something “easy” to do (or at least I suppose others would also encounter this problem) simply does not work: I am running a Samba Active Directory Domain Controller on my Synology NAS.
How did you create the AD DC ?
Did you provision it ?
> Since I installed and set up the AD DC, local user authentication for shares is not working anymore.
Define 'local user authentication'
>
> Before: Simple Samba shares with authentication against local samba users -> worked
Sounds like it was a standalone server
> After: Only domain user authentication works.
Now here is the thing, it is now an AD DC, so any user that connects
will need to be a Domain user.
>
> The global section of smb.conf:
>
> [global]
> include = /var/packages/ActiveDirectoryServer/conf/etc/smb.tls.conf
> printcap name = cups
> winbind enum groups = yes
> include = /var/tmp/nginx/smb.netbios.aliases.conf
> workgroup = <MYDOMAIN>
> server services = rpc,nbt,wrepl,ldap,cldap,kdc,drepl,ntp_signd,kcc,dnsupdate
> local master = no
> realm = <FQDN_IF_MYDOMAIN>
> netbios name = SYNOLOGY
> private dir = /var/packages/ActiveDirectoryServer/target/private
> server role = active directory domain controller
> printing = cups
> max protocol = SMB2
> winbind enum users = yes
> load printers = yes
> log level = 10
Why have you mangled your smb.conf, for instance, what is in
'smb.netbios.aliases.conf' ?
Are you aware that there is no network browsing with a Samba AD DC ?
Fix your smb.conf, understand that your users will now need to be stored
in AD and you should get things to work.
Rowland
More information about the samba
mailing list