
I have a Linux server (SLES12 SP5) in a Windows domain.

>smbd -V
Version 4.10.5-git.192.26ffbcd72313.11.1-SUSE-SLE_12-x86_64

Accessing Samba shares with a domain user works very well.

Unfortunately, I can't access the share with a local Samba user if 'valid users' is active.

>useradd -r -g tomcat test
>smbpasswd -a test
>systemctl restart smb.service

>getent passwd test
test:x:480:1002::/home/test:/bin/bash

smb.conf

[global]
    security = ADS
    realm = STL.BWL.NET
    workgroup = STL

    domain master = NO
    local master = NO
    preferred master = NO
    os level = 0

    template homedir = /home/%U
    template shell = /bin/bash
    kerberos method = secrets and keytab
    allow trusted domains = NO

    winbind enum users = YES
    winbind enum groups = YES
    winbind cache time = 10
    winbind use default domain = YES
    winbind refresh tickets = YES

    idmap config STL : backend = rid
    idmap config STL : range = 100000-400000

    idmap config * : backend = tdb
    idmap config * : range = 500000-800000

    ntlm auth = NO
    lanman auth = NO
    client use spnego = YES
    client ntlmv2 auth = YES
    encrypt passwords = YES
    restrict anonymous = 2
    usershare allow guests = NO

    printing = bsd
    printcap name = /dev/null

    map acl inherit = YES
    store dos attributes = YES
    ea support = YES

    public = NO
    browseable = YES
    writeable = YES
    guest ok = NO

    create mask = 0660
    directory mask = 0770

[web]
        path = /web
        valid users = @GRP_R13_QS STL1408

[tomcat]
        path = /web/tomcat
        valid users = test

1 Answer

First, can I suggest you read 'man smb.conf' and remove all the lines that shouldn't be there.

Second, both of your shares are read only; if you want users to write to the shares, add 'read only = no' to each.

Third, local users on a Unix domain member are just that, they cannot connect to a Samba share, but they would be able to read/write to the directory if logged in locally.

If you want to connect to a share with the user 'test', delete it from /etc/passwd and create it in AD.

  • 1st: The output of 'testparm' gives no hint about wrong parameters. 2nd: writeable = yes <--> read only = no. 3rd: Login with local Samba users worked in older versions with IP\localusername. – stalachristian Aug 12 '20 at 06:04
  • testparm will print default lines and whilst you do have 'writeable = yes' set in global, the default 'read only = yes' will override it in the shares. As for 'IP\localusername', we fixed that. – Rowland Penny Aug 12 '20 at 07:18
  • testparm -v prints 'read only = no'. In my case I don't need write access. "As for 'IP\localusername', we fixed that" >> You need to explain that. – stalachristian Aug 12 '20 at 10:49
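
An added example, not part of the original thread and not Samba's own code: a simplified smb.conf reader that reports, per share, the effective `read only` value and the `valid users` entries, treating share-level parameters in [global] as defaults and folding the inverted synonyms `writeable`, `writable` and `write ok` into `read only`. The function names and the embedded sample (the share-level lines from the question) are constructed for illustration; includes, macros, line continuations and the `+`/`&` group prefixes are not handled.

```python
# Added example: simplified smb.conf reader (no includes, macros or line continuations).
TRUE = {"yes", "true", "on", "1"}
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"

# Constructed sample: the share-level lines from the question's smb.conf.
SAMPLE = """\
[global]
    writeable = YES
[web]
    path = /web
    valid users = @GRP_R13_QS STL1408
[tomcat]
    path = /web/tomcat
    valid users = test
"""

def parse(text):
    """Return {section: {key: value}}; keys are lowercased with spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            value = value.strip()
            if key in INVERTED:  # fold the inverted synonyms into "readonly"
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return sections

def effective_shares(text):
    """Per share: read-only flag and valid users, with [global] values as defaults."""
    sections = parse(text)
    defaults = sections.get("global", {})
    report = {}
    for name, params in sections.items():
        if name == "global":
            continue
        # Built-in default is "read only = yes"; [global] then the share override it.
        merged = {"readonly": "yes", **defaults, **params}
        users = merged.get("validusers", "").split()
        report[name] = {"read_only": merged["readonly"].lower() in TRUE,
                        "groups": [u[1:] for u in users if u.startswith("@")],
                        "users": [u for u in users if not u.startswith("@")]}
    return report
```

On a real server, `testparm -v` remains the authoritative view of the effective values.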