Linux – Samba 4 unix user != samba user

active-directorylinuxnetwork-sharesambasamba4

this may be an easy one for the samba pros out there:
I have an archlinux box up and running as an samba 4 AD which works as expected. I want to add an user to the samba which lead me to 2 different solutions:

Creating a samba only user with samba-tool user add USERNAME
Creating a samba user from a unix user using smbpasswd -a <username>

I tried it both ways but the user created has a different user id (generic/numeric username) and doesn't match the unix user, which leads to complications concerning the file permissions.

Is there a way to create "matching" user? Or am I totally missing the point?

Best Answer

Yes, Samba users and Linux users are distinguishable.

Linux user are authenticated through PAM. File is something like /etc/pam.d/login or /etc/pam.d/system-auth depending upon your distribution.

Instead, samba users are authenticated following the winbind deamon. There are authenticated against the domain which can be read in /etc/smb/samba.conf . If a user is authenticated by samba and that such Unix user exists, it is mapped to this user else to nobody by default.

To acceess to a file a user must be mapped to a user which have access to the file and also have access to the shared file in Samba. There is two layers of security.

May also be usefull https://ubuntuforums.org/showthread.php?t=1949199

Related Solutions

Samba – Import Active Directory users into Unix/Linux/FreeBSD group

You are probably better off configuring your FreeBSD systems to authenticate against Active Directory using pam_ldap/nss_ldap, or nss_ldapd (available in the FreeBSD ports collection), or the Microsoft Subsystem for Unix Applications (SUA) NIS server (more good info in the TechNet SFU/SUA Blog).

You also have the option of using the NFS Server available in the SUA kit to give the FreeBSD machines access to the share in question. (This is probably the most likely to work since the UNIX UID/GID -> AD UID/GID -> AD Permissions mapping chain is on the Windows server in this case.)

Note that you will need to extend your Windows users and groups to be POSIXAccounts and POSIXGroups for all of these cases.

Samba – Cannot access Debian smb share from Windows 7 64

If you haven't already, I'd first verify the samba share is accessible from another computer running linux.
```
mount -t cifs -o username=<share user>,password=<share password> //1.2.3.4/sharename /mnt
```

Then verify it mounted it successfully.

For what it's worth I'd try the Samba config below; this was taken from a working production setup with samba share on centos 7, and windows users accessing with username and password.

[global] 
security = user
passdb backend = tdbsam
Map to guest = Bad User
username map = /etc/samba/smbusers


[mediadisken]
path = /share
valid users = frankh smbadmin
public = yes
writable = yes
browseable = yes
create mode = 0666
directory mode = 0777
oplocks = false

Best Answer

Related Solutions

Samba – Import Active Directory users into Unix/Linux/FreeBSD group

Samba – Cannot access Debian smb share from Windows 7 64

Related Topic