[Samba] File server questions
mathias dufresne
infractory at gmail.com
Fri Jun 5 13:33:30 UTC 2020
Le jeu. 4 juin 2020 à 15:43, Rowland penny via samba <samba at lists.samba.org>
a écrit :
> On 04/06/2020 14:13, mathias dufresne via samba wrote:
> [...]
> > smbd: the file server, at least for modern usage. It can also grab user
> > information from AD but not for system users, only for Samba users (the
> > applicative users, used to authenticate when accessing Samba and later,
> to
> > shares)
> > Is that true or not?
>
> Not any more, smbd used to be able to fallback to AD, but this was
> removed at 4.8.0
>
> 'smbd' is the fileserver component of Samba and requires winbind when
> running with 'security = ADS'
>
> [...]
I was very surprised to read that as on CentOS 7 using Samba 4.10.4-10.el7
and on Debian 10 using Samba 4.9.5+dfsg-5+deb10u1 I was able to get a
working configuration were:
- only smbd is running
- Windows clients are using their AD account (and SSO mechanism)
- once connected users can access to shares and contained files and
directories for modification.
Used smb.conf in both cases:
----------------------------------------------------------------------------
[global]
# AD access
realm = AD.DOMAIN.TLD
workgroup = AD
security = ads
kerberos method = secrets and keytab
log level = 3
username map = /etc/samba/usermap
server string = serveur
#============================ Share Definitions
==============================
[sharename]
path = /sharename
writeable = yes
browseable = yes
guest ok = yes
create mask = 0644
----------------------------------------------------------------------------
These two test systems are using /etc/passwd and /etc/group as users and
groups databases.
It seems the "requirement" is not so required and so I'm kind of puzzled.
mathias
More information about the samba
mailing list