samba - Apr 2024 - samba as a domain member: a way to ignore groups?

On Fri, 5 Apr 2024 17:24:33 +0300
Michael Tokarev <mjt at tls.msk.ru> wrote:
> 05.04.2024 17:16, Rowland Penny via samba wrote:
> > On Fri, 5 Apr 2024 16:43:42 +0300
> > Michael Tokarev via samba <samba at lists.samba.org> wrote:
> > 
> >> Hi!
> >>
> >> We had stand-alone anonymous samba server serving a read-only
share
> >> as guest account.  It worked well but had a few strange issues
> >> (like lots of noise in logs about bad smb2 signature).
> >>
> >> Its been suggested to switch to a domain member server.  I
didn't
> >> see the point since we don't need different user IDs and
security
> >> model, but okay, - I joined a new server to a domain.
> > 
> > Just one other thing, As far as I can see, no one on the list said
> > use a Unix domain member, they just suggested using a valid
> > username and password on your standalone server. Something like
> > 'sambauser%sambapass'
> 
> It was you who suggested to switch from anonymous server to a domain
> member, way earlier, - more than a year ago when I first asked about
> how to run an application from a samba share and be able to update
> files.
> 
> /mjt
I might have done so, a year ago, in a different context, but in this
thread, sharing non critical information (I take it is non critical),
you could just use a standalone server with one user 'sambauser' who
has the password 'sambapass' and tell everybody. This will stop the
annoying log messages.

Rowland

05.04.2024 17:50, Rowland Penny via samba:
> On Fri, 5 Apr 2024 17:24:33 +0300
> Michael Tokarev <mjt at tls.msk.ru> wrote:
> 
>> 05.04.2024 17:16, Rowland Penny via samba wrote:
>>> On Fri, 5 Apr 2024 16:43:42 +0300
>>> Michael Tokarev via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hi!
>>>>
>>>> We had stand-alone anonymous samba server serving a read-only
share
>>>> as guest account.  It worked well but had a few strange issues
>>>> (like lots of noise in logs about bad smb2 signature).
>>>>
>>>> Its been suggested to switch to a domain member server.  I
didn't
>>>> see the point since we don't need different user IDs and
security
>>>> model, but okay, - I joined a new server to a domain.
>>>
>>> Just one other thing, As far as I can see, no one on the list said
>>> use a Unix domain member, they just suggested using a valid
>>> username and password on your standalone server. Something like
>>> 'sambauser%sambapass'
>>
>> It was you who suggested to switch from anonymous server to a domain
>> member, way earlier, - more than a year ago when I first asked about
>> how to run an application from a samba share and be able to update
>> files.
> 
> I might have done so, a year ago, in a different context, but in this
> thread, sharing non critical information (I take it is non critical),
I don't think I understand what do you mean by "non critical".
I gave the context, where I come from.  We're finally moving to a
domain member as has been suggested long ago.
> you could just use a standalone server with one user 'sambauser'
who
> has the password 'sambapass' and tell everybody. This will stop the
> annoying log messages.
Server should not ask for a password, or else there will be *huge*
support team burden.

Unfortunately all this does not answer to my question, - whether it is
possible to ignore domain groups of domain users.

Thanks,

/mjt