Rowland Penny
2023-Jan-11 11:56 UTC
[Samba] How to login with local account while Samba in AD?
On 11/01/2023 11:28, Leszek Szczepanowski via samba wrote:> Dears, > > Forgive me maybe stupid question, but can I login to Samba share, with > local credentials, while it has joined AD domain? For now it seems it > always tries to authenticate every user in AD. We have issues with AD > itself, and until this is resolved I wanted to allow users use just one > common user/pass pair to access the share. >That is how Samba is supposed to work, it maps AD users to make them local users, this depends on the idmap backend and is one of the reasons not use a DC as a fileserver. You might be able to use the nss backend, but this will undoubtedly mean your users and groups getting different ID's. It might be easier to fix your AD, so what are your AD issues ? Rowland
Leszek Szczepanowski
2023-Jan-11 12:01 UTC
[Samba] How to login with local account while Samba in AD?
I helped myself in a way, that I'm can mount share by 1) using specific server IP out of the cluster 2) as a domain I put that server hostname 3) created local linux user on that machine only And it allowed me to mount a share :) mount -v -t cifs -o rw,username=nasuser,domain=FS,password=<password for nasuser> //<real machine ip>/symptoms /mnt/ FS is also used as a name for the Samba itself. ?r., 11 sty 2023 o 13:57 Rowland Penny via samba <samba at lists.samba.org> napisa?(a):> > > On 11/01/2023 11:28, Leszek Szczepanowski via samba wrote: > > Dears, > > > > Forgive me maybe stupid question, but can I login to Samba share, with > > local credentials, while it has joined AD domain? For now it seems it > > always tries to authenticate every user in AD. We have issues with AD > > itself, and until this is resolved I wanted to allow users use just one > > common user/pass pair to access the share. > > > > That is how Samba is supposed to work, it maps AD users to make them > local users, this depends on the idmap backend and is one of the reasons > not use a DC as a fileserver. > > You might be able to use the nss backend, but this will undoubtedly mean > your users and groups getting different ID's. > > It might be easier to fix your AD, so what are your AD issues ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- -- Leszek A. Szczepanowski twinsen at mspanc.net