[Samba] multiuser with simple user mapping
Eric Levy
contact at ericlevy.name
Thu Jun 24 08:58:33 UTC 2021
On Thu, 2021-06-24 at 09:52 +0100, Rowland Penny via samba wrote:
> On Thu, 2021-06-24 at 04:46 -0400, Eric Levy via samba wrote:
> > On Thu, 2021-06-24 at 09:36 +0100, Rowland Penny via samba wrote:
> > > On Wed, 2021-06-23 at 20:39 -0400, Eric Levy via samba wrote:
> > > > Are you able to provide any details or references on what
> > > > configuration
> > > > is needed in Winbind, or what specific tests are helpful in
> > > > wbinfo?
> > > >
> > > > In case it clarifies any misunderstanding, there is no domain
> > > > server
> > > > or
> > > > any similar component or node. There are just two endpoints, a
> > > > NAS
> > > > and
> > > > a server (which will mount the NAS share). User names are the
> > > > same
> > > > on
> > > > both systems. That is, user name "johndo123" on the server
> > > > should
> > > > have
> > > > the same permissions for shared files as "johndo123" on the
> > > > NAS,
> > > > because of string identity. Currently, there is no authority to
> > > > validate that both names are the same user.
> > >
> > > If there are no Domain Controllers, then you cannot use winbind
> > > and
> > > whilst there might be users with the same name on each endpoint,
> > > they
> > > are not the same user.
> > >
> > > You could try creating a usermap to map users from one endpoint
> > > to
> > > another.
> > >
> > > Rowland
> >
> > Following this suggestion would require making changes to smb.conf
> > on
> > the NAS, right (e.g. setting the idmap backend to nss)? Is any
> > option
> > available not involving such changes?
> >
>
> If there is no Domain Controller, the NAS should be running as a
> standalone server and shouldn't have any 'idmap config' lines.
>
> I think it might be a good idea if you posted your smb.conf files.
>
> rowland
I am attaching smb.conf. I have made no manual changes, in part for
reasons that would be obvious once examining the file. The NAS
administration utility may have made changes based on settings I
selected.
-------------- next part --------------
# Copyright (c) 2000-2019 Synology Inc. All rights reserved.
#
#
# ______ _______
# ( __ \ ( ___ )
# | ( \ ) | ( ) |
# | | ) | | | | |
# | | | | | | | |
# | | ) | | | | |
# | (__/ ) | (___) |
# (______/ (_______)
#
# _ _______ _________
# ( ( /| ( ___ ) \__ __/
# | \ ( | | ( ) | ) (
# | \ | | | | | | | |
# | (\ \) | | | | | | |
# | | \ | | | | | | |
# | ) \ | | (___) | | |
# |/ )_) (_______) )_(
#
# _______ _______ ______ _________ _______
# ( ) ( ___ ) ( __ \ \__ __/ ( ____ \ |\ /|
# | () () | | ( ) | | ( \ ) ) ( | ( \/ ( \ / )
# | || || | | | | | | | ) | | | | (__ \ (_) /
# | |(_)| | | | | | | | | | | | | __) \ /
# | | | | | | | | | | ) | | | | ( ) (
# | ) ( | | (___) | | (__/ ) ___) (___ | ) | |
# |/ \| (_______) (______/ \_______/ |/ \_/
#
#
# IMPORTANT: Synology will not provide technical support for any issues
# caused by unauthorized modification to the configuration.
[global]
printcap name=cups
winbind enum groups=yes
include=/var/tmp/nginx/smb.netbios.aliases.conf
admin users=@HOME\Domain Admins, at HOME\Enterprise Admins
min protocol=NT1
security=user
local master=yes
realm=*
passdb backend=smbpasswd
printing=cups
max protocol=SMB3
winbind enum users=yes
load printers=yes
workgroup=WORKGROUP
More information about the samba
mailing list