samba - Feb 2019 - Authenticating AD users and Local users

With a lot of help, I just got AD authentication working (Samba 4.8.3, CentOS
7.6, using Winbind).
I then added a local account to a share, but I can’t login.
My smb.conf has “security = ads”, but I can’t figure out how to use that AND
authenticate local users.

How can I authenticate Active Directory AND local users?

Brian

On Fri, 15 Feb 2019 22:12:21 +0000
"Paquin, Brian via samba" <samba at lists.samba.org> wrote:
> With a lot of help, I just got AD authentication working (Samba
> 4.8.3, CentOS 7.6, using Winbind). I then added a local account to a
> share, but I can’t login. My smb.conf has “security = ads”, but I
> can’t figure out how to use that AND authenticate local users.
> 
> How can I authenticate Active Directory AND local users?
> 
> Brian
> 
How did you add the 'local' account to the share ?
Define 'login'

Please post your smb.conf (in the post, without commented lines)

Rowland

Thank you for replying!
I can login with my Active Directory credentials, but I can’t login using the
local CentOS “svc_dictations” account.
I created the local account usingusing “adduser”, “smbpasswd”, and then updating
my smb.conf file (below).

Thank you,

Brian

[global]
   workgroup = YALE
   password server = ad1.yu.yale.edu<http://ad1.yu.yale.edu>
ad2.yu.yale.edu<http://ad2.yu.yale.edu>
   realm = YU.YALE.EDU<http://YU.YALE.EDU>
   security = ads
   idmap config * : range = 16777216-33554431
   template shell = /sbin/nologin
   kerberos method = system keytab
   winbind use default domain = true
   winbind offline logon = true

idmap config YU:schema_mode = rfc2307
idmap config YU:range = 100000-199999
idmap config YU:backend = rid
idmap config * : range = 16777216-33554431
idmap * : backend = tbd
dedicated keytab file = /etc/krb5.keytab
log level = 4
guest account = nobody
guest ok = no
log file = /var/log/samba/log.%m

printing = cups
printcap name = cups
load printers = yes
cups options = raw
store dos attributes = yes
vfs objects = acl_xattr
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775

[testshare]
comment = testshare
path = /testshare
valid users = @pathology_its svc_dictations
writable = yes
read only = No


On Feb 16, 2019, at 3:33 AM, Rowland Penny via samba <samba at
lists.samba.org<mailto:samba at lists.samba.org>> wrote:

On Fri, 15 Feb 2019 22:12:21 +0000
"Paquin, Brian via samba" <samba at lists.samba.org<mailto:samba
at lists.samba.org>> wrote:

With a lot of help, I just got AD authentication working (Samba
4.8.3, CentOS 7.6, using Winbind). I then added a local account to a
share, but I can’t login. My smb.conf has “security = ads”, but I
can’t figure out how to use that AND authenticate local users.

How can I authenticate Active Directory AND local users?

Brian


How did you add the 'local' account to the share ?
Define 'login'

Please post your smb.conf (in the post, without commented lines)

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions: 
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&amp;data=02%7C01%7Cbrian.paquin%40yale.edu%7C5c6090ca9ebe4cc7add208d693e97e9d%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C636859028488910148&amp;sdata=DnOCiIjUYJNCwv%2BKuKSUf4KHnjErBOL%2BlLTeQdyIDPU%3D&amp;reserved=0

[Yale Pathology Logo]
Brian Paquin
Help Desk Support Yale Pathology ITS
---------------------------------------------------
310 Cedar St. BML B50
New Haven, CT 06520
203-785-3691-office
203-785-2403-fax