[Samba] multiuser with simple user mapping
rpenny at samba.org
Thu Jul 1 20:53:24 UTC 2021
On Thu, 2021-07-01 at 15:51 -0400, Eric Levy via samba wrote:
> On Thu, 2021-07-01 at 09:48 +0100, Rowland Penny via samba wrote:
> > > If all the users in all the machines accessing the share in your network
> > > share the same UID namespace without conflicts, then in that case
> > > you could use idsfromsid I think. With it, any *new* file created by
> > > user bob will show up on the share as owned by a special SID that
> > > contains the UID. And only files created with that mount option should
> > > be listed back with bob uid.
> > >
> > > That being said, if you have the same uid namespace on all machines for
> > > user bob, that means you already have some sort of centralized
> > > identification server similar to AD and are using winbind or sssd.
> > That's the problem, he isn't, he is running Samba as a standalone
> > server, it would be a lot easier if he was running Samba as a Unix
> > domain member.
> > Rowland
> Not using a domain is a preference based on a hope to achieve the
> stated behavior as simply as possible. All else being equal, two
> is simpler than two nodes plus a domain server. Both hardware and
> administrative resources are scarce. I had hoped that the
> of users and permissions might be accomplished between two nodes
> only what is already provided by these nodes. Certainly, support for
> such a case would be a very helpful feature. A domain by definition
> most relevant when the number of other nodes exceeds two, so it is
> optimal to face the requirement to create a domain just to add
> capabilities to the way two nodes interact.
> I am not opposed categorically to a domain server, but as the
> to provision and to maintain any configuration is minimal, and as
> information on the topic of domain servers is targeted at
> administrators managing full-scale commercial or institutional
> deployments, I am wondering what information or references
> on this list might offer to help me understand how to achieve this
> result as efficiently as possible.
> Available nodes are limited to the Synology device, which has some
> support for domain servers through add-on packages, and any virtual
> machines I may create on the same device. In fact, the "server" I
> earlier mentioned is actually a virtual machine on the Synology
> I had omitted this detail because it is doubtful that it would affect
> any answer given so far.
> To summarize, I think the following would be most helpful, at this
> 1. Any concise resources explaining how to create a basic
> of a domain server on the Synology device, for the stated use
> assuming minimal knowledge on the subject.
> 2. A concrete example of the simplest mount command expected to
> the case.
A Samba standalone server is akin to a Windows PC that isn't a member
of a domain, a group of such machines is usually described as a

For a workgroup to work, you need to create the same users and groups
on all workgroup members, with preferably the same passwords. This is
okay for a small number of computers, certainly no more than twenty,
after that it gets out of hand, this is why domains were created. You
say that there are only two computers involved, I find this hard to
believe, surely there are going to be other client machines.

I have never used a Synology device, but they have cropped up on this
list from time to time, usually with problems similar to yours. I can
only advise what I know works with standard Samba, unfortunately
Synology does not seem to want you to alter the smb.conf file

Louis posted a link to Synology's source code on Sourceforge and if
that link is the latest available (it is dated 2020-10-01) then it is
using a very old version of Samba (4.4.16 to be precise) and I wouldn't
use it. What does 'smbd -V' output?

If the source code is to be believed, there are three extra directories,
SynoBuildConf, synocache and synosmb, there are probably other changes.

What are your clients running?
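
Added example, not part of the original post or of Samba: a check that two workgroup members really do share one UID namespace, which is the precondition discussed above for both the workgroup setup and idsfromsid. The passwd contents, the variable names and the MIN_UID cut-off of 1000 are constructed assumptions; in practice the two inputs would be the output of `getent passwd` on each machine.

```python
# Added example: compare passwd(5)-format account lists from two workgroup members.
MIN_UID = 1000  # assumption: regular (non-system) accounts start at UID 1000

# Constructed sample data, not taken from any real host.
NAS_PASSWD = """root:x:0:0:root:/root:/bin/sh
bob:x:1000:1000::/home/bob:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
carol:x:1003:1003::/home/carol:/bin/sh
"""
VM_PASSWD = """root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
dave:x:1001:1001::/home/dave:/bin/bash
"""

def parse_passwd(text, min_uid=MIN_UID):
    """Return {name: (uid, gid)} for regular accounts in passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue  # blank, comment or malformed entry: skip rather than guess
        uid, gid = int(fields[2]), int(fields[3])
        if uid >= min_uid and fields[0] != "nobody":
            accounts[fields[0]] = (uid, gid)
    return accounts

def compare_hosts(a, b):
    """Return a list of (kind, detail) findings between two account maps."""
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(("missing", f"{name} exists on only one host"))
        elif a[name][0] != b[name][0]:
            findings.append(("uid-mismatch", f"{name}: {a[name][0]} vs {b[name][0]}"))
        elif a[name][1] != b[name][1]:
            findings.append(("gid-mismatch", f"{name}: {a[name][1]} vs {b[name][1]}"))
    # Same UID under different names: one user's files appear to belong to another.
    uid_to_name_b = {uid: name for name, (uid, _) in b.items()}
    for name, (uid, _) in sorted(a.items()):
        other = uid_to_name_b.get(uid)
        if other is not None and other != name:
            findings.append(("uid-collision", f"UID {uid}: {name} vs {other}"))
    return findings

if __name__ == "__main__":
    for kind, detail in compare_hosts(parse_passwd(NAS_PASSWD), parse_passwd(VM_PASSWD)):
        print(f"{kind:14} {detail}")
```

A `uid-collision` finding is the one that matters most for access control: with raw UIDs carried across the mount, files written by one account would be presented as owned by a different person on the other machine.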