[Samba] Principal is a computer account - why

Meike Stone meike.stone at googlemail.com
Thu Sep 2 12:04:50 UTC 2021

On Thu, 2 Sept 2021 at 12:37, Rowland Penny <rpenny at samba.org> wrote:
> On Thu, 2021-09-02 at 11:58 +0200, Meike Stone wrote:
> > Only for my understanding, is this necessary, if this samba server is
> > a standalone server?
> Not if you were running a standalone server, but the smb.conf you
> posted was for a Unix domain member

I'm sorry, I forgot that this has a meaning in the config.
You are right, the server and the PC client are all members of an AD domain!
What I mean by that is that it does not matter what Unix ID the connection
user gets, because
* the server is the only Samba server (and Linux) in the AD domain,
  the files are not copied between/to other servers (<- that was what I
  tried to say with standalone)
* the share uses force user/group with a local user and group

> > And if it is necessary, do I have to delete the (old)
> > /var/lib/samba/*tdb files?
> It would probably help, but you have now confused me, is your PC joined
> to a domain, or does your smb.conf need totally re-writing to make it a
> standalone server ?
I'm sorry for the confusion.

> > > However, if you change it now, it is likely that there will be some
> > > ID changes.
> > Does this matter, if all users access to a share that uses
> > force user/group as shown in the config?
> Probably not, but then why join it to the domain ???

I joined the Samba server so that the users can use their
credentials via Kerberos SSO and so that I can control access
to that share via a domain group.
