[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
Rowland Penny
rpenny at samba.org
Fri Apr 28 08:07:51 UTC 2023
On 28/04/2023 07:03, Christian Naumer via samba wrote:
> On 28.04.23 at 06:13, Gary Dale via samba wrote:
>> Under previous versions, my Windows account mapped to my Unix account.
>> Without user mapping, I can only access Samba shares that Windows-only
>> users access through my Windows account. Unix accounts can't be
>> members of Windows groups and Windows groups can't map to Unix groups
>> either.
>
> Rowland will not like to hear this but you can still do this. Although I
> agree with Rowland that you should not. If you use the "normal" Linux
> tools you can add users from AD to Linux groups. That only works on the
> machine you are doing this but it does work.
> You can even (Rowland do not read further) add local Samba users with
> smbpasswd when your server is running with AD (I accidentally did this
> once) and use that to access your server. But it makes everything even more
> complex and harder to understand the behaviour in my opinion.
>
>>
>> In any mixed environment, it seems that the two systems can no longer
>> co-exist. Instead you have two solitudes. If you want to access things
>> available to Windows users, you need a Windows account. If you want a
>> local Unix account, you can't access Windows shares with it. User and
>> group mapping used to bridge that gap.
>
> I think you are looking at this too strictly. I have been using Samba for
> some time and going to AD simplified things for me. And I have
> absolutely no issues with Linux/Windows environment. OK I use sssd on
> workstations but the member/file servers use Samba. I log onto my Linux
> Computer with my AD account and can ssh, rsync or do smb file access
> without having to use a password.
>
>
> Regards
>
> Christian
>
>
>
Never said you couldn't do it, I am just saying you shouldn't do it
because there is no point to it. The whole idea of AD is to have a
single point of maintenance and having local users & groups (except in
exceptional cases) totally defeats that idea.
Rowland