[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend

Rowland Penny rpenny at samba.org
Fri Apr 28 08:07:51 UTC 2023

On 28/04/2023 07:03, Christian Naumer via samba wrote:
> On 28.04.23 at 06:13, Gary Dale via samba wrote:
>> Under previous versions, my Windows account mapped to my Unix account. 
>> Without user mapping, I can only access Samba shares that Windows-only 
>> users access through my Windows account. Unix accounts can't be 
>> members of Windows groups and Windows groups can't map to Unix groups 
>> either.
> Rowland will not like to hear this but you can still do this. Although I 
> agree with Rowland that you should not. If you use the "normal" Linux 
> tools you can add users from AD to Linux groups. That only works on the 
> machine you are doing this but it does work.
> You can even (Rowland do not read further) add local Samba users with 
> smbpasswd when your server is running with AD (I accidentally did this 
> once) and use that to access your server. But it makes everything even more 
> complex and harder to understand the behaviour in my opinion.
>> In any mixed environment, it seems that the two systems can no longer 
>> co-exist. Instead you have two solitudes. If you want to access things 
>> available to Windows users, you need a Windows account. If you want a 
>> local Unix account, you can't access Windows shares with it. User and 
>> group mapping used to bridge that gap.
> I think you are looking at this too strictly. I have been using Samba for 
> some time and going to AD simplified things for me. And I have 
> absolutely no issues with Linux/Windows environment. OK I use sssd on 
> workstations but the member/file servers use Samba. I log onto my Linux 
> Computer with my AD account and can ssh, rsync or do smb file access 
> without having to use a password.
> Regards
> Christian

Never said you couldn't do it, I am just saying you shouldn't do it 
because there is no point to it. The whole idea of AD is to have a 
single point of maintenance and having local users & groups (except in 
exceptional cases) totally defeats that idea.

