[Samba] windows service access denied

Michael Tokarev mjt at tls.msk.ru
Sat Feb 12 07:46:19 UTC 2022


12.02.2022 01:24, Patrick Goetz via samba wrote:
> You have local accounts which match Samba AD accounts?  That seems like a terrible idea; but in particular surely the user SID's don't match and maybe 
> this is the problem?

Um. *why* this is a bad idea, Patrick?

It seems to be a popular topic (I faced another prob due to this), but it seems it all
boils down to 2 questions:

1. *why* it is actually a bad idea to have the same users locally and in AD?
Myself, I think about just one "user", parts of its attributes, roughly speaking, are
stored locally in /etc/passwd &Co for local access and parts are in AD, for access
over SMB network.  The two parts are in sync (I assume it is okay for that user to
not work right in case they're not in sync).  Why my view is a "terrible idea"?
This question is important, to me at least.

2. If it really is this that bad an idea, why this really important and confusing
for so many people fact isn't mentioned in bold on every ad-related page? :)
Seriously, people come to this conclusion only after facing many errors trying
to fix all sorts of probs. I guess it'd be much less surprising/confusing if
there was some information about this somewhere...

Thank you!

/mjt



More information about the samba mailing list