[Samba] User mapping?

Simon Matthews simon.matthews at bluepearlsoftware.com
Fri Aug 7 19:12:49 UTC 2020


On 8/7/20 12:00 PM, Rowland penny via samba wrote:
> On 07/08/2020 19:46, Simon Matthews via samba wrote:
>> I have a network with a Samba server (Samba 4, but running as an old
>> NT-style domain), Windows and Linux clients.
> You really should consider upgrading to AD,
>> Is there any way to have the Windows client access map to just "user",
>> with its Linux UID? What should I expect with a machine that is joined
>> to a domain -- or is the problem that the Linux client is not actually
>> joined to the domain? If so, how do I fix this?
>
> Can we start by seeing your smb.conf files from your PDC and a linux
> client, also what OS is the client running.
>
> Rowland

The client is running CentOS 7:

# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

After another attempt, I have successfully joined the Linux client to
the domain:

# net rpc join MEMBER  -S raidserver -U root%<password>
Using short domain name -- BLUE
Joined 'TURQUOISE' to domain 'BLUE'

Note that the hostname of the Linux client is actually "H2". Turquoise
is a holdover from what it was earlier. "turquoise" resolves on the
network:

$ ping turquoise
PING h2.sj.bps (192.168.254.105) 56(84) bytes of data.
64 bytes from h2.sj.bps (192.168.254.105): icmp_seq=1 ttl=64 time=0.264 ms

Client config:
=========

grep -v ^# /etc/samba/smb.conf

[global]


    workgroup = BLUE
    password server = raidserver
    security = domain
    idmap config * : range = 16777216-33554431
    template shell = /bin/false
    kerberos method = secrets only
    winbind use default domain = false
    winbind offline logon = true
    username map = /etc/samba/usermap.txt    # This file is empty.

     server string = Samba Server Version %v

     netbios name = TURQUOISE
     # client ntlmv2 auth = yes
     # ntlm auth = no

     interfaces = lo eth1

     local master = no
     os level = 20
     preferred master = no


     wins support = no

     load printers = no
     cups options = raw


[printers]
     comment = All Printers
     path = /var/spool/samba
     browseable = no
     guest ok = no
     writable = no
     printable = yes

[build2]
     comment = build2 on Turquoise
     path = /export/build
     browseable = yes
     writeable = yes
     guest ok = yes
[install]
     comment = install on Turquoise
     path = /mnt/newbuild2/install
     browseable = yes
     writeable = yes
     guest ok = yes
[squish]
     comment = squish on Turquoise
     path = /mnt/newbuild2/TestArea
     browseable = yes
     writeable = yes
     guest ok = yes
[build4]
     comment = build4 on Turquoise
     path = /build4
     browseable = yes
     writeable = yes
     guest ok = yes
[build-H4]
     comment = build4 on Turquoise
     path = /build4
     browseable = yes
     writeable = yes
     guest ok = yes

Config on PDC (raidserver):
=================

# grep -v ^# /etc/samba/smb.conf

[global]
     workgroup = BLUE
     netbios name = RAIDSERVER
     server string = Samba Server %v
     interfaces = 192.168.254.3, 127.0.0.1
     bind interfaces only = yes
     map to guest = Bad User
     smb passwd file = /etc/samba/private/smbpasswd
     log file = /var/log/samba3/log.%m
     log level = 1
     max log size = 500
     # socket options = IPTOS_LOWDELAY TCP_NODELAY
     socket_options =  TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     # write cache size = 262144
     printcap name = cups
     os level = 64
     # WINS support must be present for domain logins
     wins support = yes
     dns proxy = No
     ldap ssl = no

     domain master = yes
     domain logons = yes
     enable privileges = yes

     security = user
     local master = yes
     preferred master = yes
     #logon path = \\%N\profiles\%U
     logon path =
     logon home = \\raidserver\%U
     logon drive = h:
     logon script = logon.bat
     passdb backend = tdbsam
     #null passwords = yes
     time server = yes
     dos filetimes = yes
     max protocol = SMB3
     map untrusted to domain = yes

[netlogon]
     path = /local/samba/netlogon
     read only = yes
     browseable = no
[profiles]
     path = /local/samba/profiles
     read only = no
     create mask = 0666
     directory mask = 0700
     browseable = no

[homes]
     comment = Home Directories
     path = /home/%S
     invalid users = root
     read only = No
     browseable = No
     dos filetime resolution = yes
[home]
     comment = Home Directories
     path = /home/
     invalid users = root
     read only = No
     browseable = Yes
     dos filetime resolution = yes

[build2]
     comment = Home Directories
     path = /home/build2
     invalid users = root
     read only = No
     browseable = No
     dos filetime resolution = yes

[printers]
     comment = All Printers
     path = /var/spool/samba
     create mask = 0700
     guest ok = Yes
     printable = Yes
     browseable = No
     # printer admin = root,simon

[print$]
     path = /var/lib/samba/printers
     write list = @adm, root
     guest ok = Yes
     read only = yes
     browseable = yes
     # printer admin = root,simon

[export]
     comment = Export dir
     path = /export
     invalid users = root
     admin users = simon
     read only = No
     dos filetime resolution = yes


