[Samba] SAMBA using existing users and passwords on Linux

Fri Jun 19 13:08:31 UTC 2020

Hello Rowland. Thanks for answering.

The linux server is already in the AD domain and resolving Ad users as
normal.

To map the linux server share using AD users I use the following command:

net use \\linuxserver\share /U:AD_user

and it works perfectly.

But I would like to use the same command for users who are in /etc/passwd,
like this:

net use \\linuxserver\share /U:linuxserver_user

and so it doesn't work, it gives an invalid user error.

To work with users who are in /etc/passwd I have to use the following
command:

net use \\linuxserver\share /U:linuxserver\linuxserver_user

In short, I wanted to map the share using Linux users (who are in
/etc/passwd) without having to specify the name of the Linux server.
Is there a way to do this?

<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Livre
de vírus. www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>.
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

Em qui., 18 de jun. de 2020 às 13:55, Fernando Gonçalves <
fernandolmg at gmail.com> escreveu:

> Hello everyone.
> I'm back because I decided to follow your advice and deploy the system
> using a new version of SAMBA with encrypted passwords.
> I added the SAMBA server in the AD domain without any problems and I am
> already accessing the shares with AD users.
> However I have a new problem for which I need help.
> When I try to access SAMBA shares with local Linux users, it is necessary
> to include the name of the Linux server when passing the local user.
> For example if I try to access like this, it doesn't work, it gives an
> invalid user error
>
> net use \\host\share /U:localuser
>
> To work the command must be like this:
>
> net use \\host\share /U:host\localuser
>
> What it seems to me is that SAMBA does not authenticate on the local
> machine, only in AD.
> Is there a way to get SAMBA to authenticate to AD and on the local machine?
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Livre
> de vírus. www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>.
> <#m_-2063159758718843766_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> Em qui., 4 de jun. de 2020 às 10:26, mathias dufresne via samba <
> samba at lists.samba.org> escreveu:
>
>> Hi Fernando,
>>
>> What kind of system are using your Samba's clients?
>>
>> If they are using Windows systems joined to AD, you can join your Samba
>> server into AD too. Then your users will be able to use Kerberos (ie SSO)
>> to authenticate against your Samba server.
>>
>> Your Samba system users could be local (in /etc/passwd) or coming from AD
>> (using winbindd).
>> If system users are in /etc/passwd, they would have to have the same name
>> as on the client system or you will have to add some username mapping (see
>> "username map" option).
>>
>> Perhaps all that blabla is out of subject, perhaps it will help, I do hope
>> it will ; )
>>
>> Cheers,
>>
>> mathias
>>
>> Le jeu. 4 juin 2020 à 08:45, Rowland penny via samba <
>> samba at lists.samba.org>
>> a écrit :
>>
>> > On 03/06/2020 22:41, Fernando Gonçalves via samba wrote:
>> > > So that it doesn't end without a conclusion I will inform you what has
>> > been
>> > > accomplished.
>> > > As our time was short to complete the migration I decided to install
>> the
>> > > same version of SAMBA that was already running on the old machine
>> > (3.6.6).
>> > > After the migration is complete, I will have more time to update the
>> > SAMBA
>> > > and insert it into our AD domain, thus changing the entire login and
>> > > mapping system.
>> > > I am very grateful to everyone who responded and helped me in this
>> > decision
>> > > making.
>> > > I wish everyone health.
>> >
>> > I cannot help but think that was a BAD decision, Samba 3.6.6 is totally
>> > unsupported and is very insecure, ever heard of 'wanacry' ?
>> >
>> > If you must use it, then can I urge you to not connect your network to
>> > the internet in any way.
>> >
>> > I cannot stop you using 3.6.6, it is your network and you control it,
>> > but you also get to pick up the pieces when it goes wrong.
>> >
>> > One last thought, do the people who run your AD know you are doing this
>> > very insecure thing ?
>> >
>> > Rowland
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>