[Samba] File server questions

mathias dufresne infractory at gmail.com
Fri Jun 5 13:33:30 UTC 2020

Le jeu. 4 juin 2020 à 15:43, Rowland penny via samba <samba at lists.samba.org>
a écrit :

> On 04/06/2020 14:13, mathias dufresne via samba wrote:
> [...]
> > smbd: the file server, at least for modern usage. It can also grab user
> > information from AD but not for system users, only for Samba users (the
> > applicative users, used to authenticate when accessing Samba and later,
> to
> > shares)
> > Is that true or not?
> Not any more, smbd used to be able to fallback to AD, but this was
> removed at 4.8.0
> 'smbd' is the fileserver component of Samba and requires winbind when
> running with 'security = ADS'
> [...]

I was very surprised to read that as on CentOS 7 using Samba 4.10.4-10.el7
and on Debian 10 using Samba 4.9.5+dfsg-5+deb10u1 I was able to get a
working configuration were:
- only smbd is running
- Windows clients are using their AD account (and SSO mechanism)
- once connected users can access to shares and contained files and
directories for modification.

Used smb.conf in both cases:
  # AD access
  realm = AD.DOMAIN.TLD
  workgroup = AD
  security = ads
  kerberos method = secrets and keytab
  log level = 3
  username map = /etc/samba/usermap
  server string = serveur
#============================ Share Definitions
        path = /sharename
        writeable = yes
        browseable = yes
        guest ok = yes
        create mask = 0644

These two test systems are using /etc/passwd and /etc/group as users and
groups databases.

It seems the "requirement" is not so required and so I'm kind of puzzled.


More information about the samba mailing list