[Samba] multiuser with simple user mapping

L.P.H. van Belle belle at bazuin.nl
Fri Jul 2 08:45:41 UTC 2021 

All what Aurélien said.. + 

Now which DSM are you running 6.x or 7.0? 
Because when its 7.0 
>> NT4 domains are no longer supported. Current NT4 domains will be unavailable after the update. 
And 
>> DSM 7.0 by default disables NTLMv1 and enables NTMLv2 only, so SMB clients 
>> (e.g., Windows XP devices, media players, network printers, smart TVs, and IP cameras) won?t be 
>> able to access your Synology NAS. To restore the connection after the update, 
>> go to Control Panel > File Services > SMB > Advanced Settings 
>> > Others and enable NTLMv1 authentication.

https://www.synology.com/en-global/dsm/feature/active_directory 
Set it up join the domain and and your set. 

Stop fiddeling around and avoid the configs that will break you setup in near future.

Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Eric 
> Levy via samba
> Verzonden: donderdag 1 juli 2021 23:34
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] multiuser with simple user mapping
> 
> 
> 
> On Thu, 2021-07-01 at 21:53 +0100, Rowland Penny via samba wrote:
> > > Not using a domain is a preference based on a hope to achieve the
> > > stated behavior as simply as possible. All else being equal, two
> > > nodes
> > > is simpler than two nodes plus a domain server. Both hardware and
> > > administrative resources are scarce. I had hoped that the
> > > coordination
> > > of users and permissions might be accomplished between two nodes
> > > using
> > > only what is already provided by these nodes. Certainly, support
> > > for
> > > such a case would be a very helpful feature. A domain by 
> definition
> > > is
> > > most relevant when the number of other nodes exceeds two, so it is
> > > not
> > > optimal to face the requirement to create a domain just to add
> > > capabilities to the way two nodes interact. 
> > > 
> > > I am not opposed categorically to a domain server, but as the
> > > resources
> > > to provision and to maintain any configuration is minimal, and as
> > > most
> > > information on the topic of domain servers is targeted at
> > > administrators managing full-scale commercial or institutional
> > > deployments, I am wondering what information or references
> > > participants
> > > on this list might offer to help me understand how to achieve this
> > > result as efficiently as possible.
> > > 
> > > Available nodes are limited to the Synology device, which has some
> > > support for domain servers through add-on packages, and 
> any virtual
> > > machines I may create on the same device. In fact, the "server" I
> > > earlier mentioned is actually a virtual machine on the Synology
> > > device.
> > > I had omitted this detail because it is doubtful that it would
> > > affect
> > > any answer given so far.
> > > 
> > > To summarize, I think the following would be most helpful, at this
> > > stage:
> > > 
> > >    1. Any concise resources explaining how to create a basic
> > > configuration
> > >       of a domain server on the Synology device, for the 
> stated use
> > > case,
> > >       assuming minimal knowledge on the subject.
> > >    2. A concrete example of the simplest mount command expected to
> > > satisfy
> > >       the case.
> > > 
> > > 
> > 
> > A Samba standalone server is akin to a Windows PC that 
> isn't a member
> > of a domain, a group of such machines is usually described as a
> > workgroup.
> > For a workgroup to work, you need to create the same users 
> and groups
> > on all workgroup members, with preferrably the same passwords. This
> > is
> > okay for a small number of computers, certainly no more than twenty,
> > after that it gets out of hand, this is why domains were 
> created. You
> > say that there are only two computers involved, I find this hard to
> > believe, surely there are going to be other client machines.
> > 
> > I have never used a synology device, but they have cropped 
> up on this
> > list from time to time, usually with problems similar to 
> yours. I can
> > only advise what I know works with standard Samba, unfortunately
> > synology does not seem to want you to alter the smb.conf file
> > manually. 
> > 
> > Louis posted a link to synology's source code on Sourceforge and if
> > that link is the latest available (it is dated 2020-10-01) 
> then it is
> > using a very old version of Samba (4.4.16 to be precise) and I
> > wouldn't
> > use it. What does 'smbd -V' output ? 
> > If the sourcecode is to be believed, there are three extra
> > directories,
> > SynoBuildConf, synocache and synosmb, there are probably other
> > changes.
> > 
> > What are your clients running ?
> > 
> > Rowland
> 
> 
> As you anticipate, other clients would access the shares as well, but
> would do so according to a more familiar single-user per-session style
> of mount. The server is a special case because it runs automatic tasks
> and supports multiple concurrent logins, giving rise to the 
> requirement
> that files from the mount are available at all times, beginning
> immediately after boot, and appear locally according to the same
> permissions as though the same users were running tasks 
> directly on the
> storage device. Thus, the occurrence of these clients has seemed to me
> incidental, and unlikely to change any answer that would be given in
> this discussion. All clients are running Linux, but from time to time
> Windows client may also access the shares.
> 
> Currently, I have users on the Linux server and the Synology storage
> device with the same user names and passwords. However, your comments
> about the relevance of the workgroup confuse me, because mounting a
> share through Samba involves providing a host name and share name, but
> not a workgroup. Perhaps you might clarify how the mount would
> participate, in any sense, in the workgroup, rather than 
> simply being a
> connection between two network endpoints.
> 
> Synology attempts to restrict modifications of smb.conf, but does
> provide a graphical interface for control over some of the options.
> Synology also provides an add-on package to allow the device act as a
> domain server.
> 
> The smbd version is reported as follows:
> 
> Version 4.10.18
> Synology Build 41858, May  4 2021 12:54:26
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list