I have a Samba server where I create all the Linux accounts and corresponding SMB accounts via an application I built. I manage all the permissions for all of our ...
- 09-03-2014 #1
- Join Date
- Mar 2008
Samba: Authenticate only local accounts over AD?
In our environment there is an Active Directory setup that I can use to authenticate users, and I would prefer to use that for authentication instead of local passwords. I don't have any type of access to this AD other than authentication. I can't write data or anything to it, I don't manage the system.
Now I was able to get my Samba server on the domain and it authenticates, but 2 issues:
1) I have to log in using Domain\username and thus it creates a brand new user account, so I have User1 and Domain\User1 accounts. Not what I want. I only want that single User1 local account that is authenticated over AD instead of local passwords.
2) Every person in that domain can log in to the Samba server, also not what I want. There are only select people that are determined through various conditions that can access the server. I only want the users that I have created local accounts for to be able to log in to my Samba server.
All the local accounts are set up so that the usernames match the corresponding AD user names, so that should not be an issue.
Any ideas on what I need to do?
- 09-03-2014 #2
- Join Date
- Apr 2012
- Virginia, USA
Try the nss idmap backend:
I assume you're using Samba3.
Standard Linux file permissions apply, and so do Samba permissions. However, Unix GIDs won't be available to Samba from Linux logins if your users are part of local machine groups. It's best to use an AD group that all concerned members are a part of, if possible.
This page is worth reading: https://www.samba.org/samba/docs/using_samba/ch09.html