  1. #1
    Just Joined!
    Join Date
    Mar 2008
    Posts
    21

    Samba: Authenticate only local accounts over AD?


    I have a samba server where I create all the linux accounts and corresponding SMB accounts via an application I built. I manage all the permissions for all of our shares via ACLs, also using the application I built. This works great as is, but I don't want to manage all the user passwords anymore as we have a couple hundred users.

    In our environment there is an Active Directory setup that I can use to authenticate users, and I would prefer to use that for authentication instead of local passwords. I don't have any type of access to this AD other than authentication. I can't write data or anything to it, I don't manage the system.

    Now I was able to get my samba server on the Domain and it authenticates, but 2 issues:

    1) I have to log in using Domain\username and thus it creates a brand new user account, so I have User1 and Domain\User1 accounts. Not what I want. I only want that single User1 local account that is authenticated over AD instead of local passwords.

    2) Every person in that domain can log in to the samba server, also not what I want. There are only select people that are determined through various conditions that can access the server. I only want the users that I have created local accounts for to be able to log in to my samba server.

    All the local accounts are set up so that the usernames match the corresponding AD user names, so that should not be an issue.

    Any ideas on what I need to do?

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    913
    Try the nss idmap backend:
    https://www.samba.org/samba/docs/man...map_nss.8.html

    I assume you're using Samba3.

    Standard Linux file permissions apply, and so do Samba permissions. However, Unix GIDs won't be available to Samba from Linux logins, if your users are part of local machine groups. It's best to use an AD group that all concerned members are a part of, if possible.

    This page is worth reading: https://www.samba.org/samba/docs/using_samba/ch09.html
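
An smb.conf fragment for the idmap_nss approach suggested in the reply above, added here as an example and not taken from either post. The domain EXAMPLE, realm EXAMPLE.COM, ID ranges, share name, path and user names are placeholder assumptions.

```ini
[global]
    # Authenticate against AD as a domain member (placeholder names).
    security = ads
    workgroup = EXAMPLE
    realm = EXAMPLE.COM

    # Accept "user1" as well as "EXAMPLE\user1" at login.
    winbind use default domain = yes

    # Default backend for BUILTIN and any other domain.
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999

    # For the AD domain, take UIDs/GIDs from the local passwd/group
    # databases by name, so EXAMPLE\user1 resolves to the existing
    # local user1 instead of a separately allocated ID.
    idmap config EXAMPLE : backend = nss
    idmap config EXAMPLE : range = 1000-999999

    # Reject failed logins; never fall back to the guest account.
    map to guest = Never

[projects]
    path = /srv/samba/projects
    read only = no
    # Explicit allow-list of the locally provisioned accounts
    # (placeholder names), independent of who exists in AD.
    valid users = user1, user2
```

Running `testparm` after editing checks the file for syntax errors before the services are restarted.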
