我在 Windows 域中有一个 linux 服务器 (SLES12 SP5)。
>smbd -V
Version 4.10.5-git.192.26ffbcd72313.11.1-SUSE-SLE_12-x86_64
使用域用户访问 samba 共享非常有效。
不幸的是,如果处于活动状态,我无法使用本地 samba 用户访问共享valid users。
>useradd -r -g tomcat test
>smbpasswd -a test
>systemctl restart smb.service
>getent passwd test
test:x:480:1002::/home/test:/bin/bash
配置文件
[global]
security = ADS
realm = STL.BWL.NET
workgroup = STL
domain master = NO
local master = NO
preferred master = NO
os level = 0
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets and keytab
allow trusted domains = NO
winbind enum users = YES
winbind enum groups = YES
winbind cache time = 10
winbind use default domain = YES
winbind refresh tickets = YES
idmap config STL : backend = rid
idmap config STL : range = 100000-400000
idmap config * : backend = tdb
idmap config * : range = 500000-800000
ntlm auth = NO
lanman auth = NO
client use spnego = YES
client ntlmv2 auth = YES
encrypt passwords = YES
restrict anonymous = 2
usershare allow guests = NO
printing = bsd
printcap name = /dev/null
map acl inherit = YES
store dos attributes = YES
ea support = YES
public = NO
browseable = YES
writeable = YES
guest ok = NO
create mask = 0660
directory mask = 0770
[web]
path = /web
valid users = @GRP_R13_QS STL1408
[tomcat]
path = /web/tomcat
valid users = test
首先,我可以建议您阅读“man smb.conf”并删除所有不应该存在的行。
其次,您的两个共享都是只读的,如果您希望用户写入共享,请在每个共享中添加“只读 = 否”
第三,Unix 域成员上的本地用户就是这样,他们无法连接到 Samba 共享,但如果在本地登录,他们将能够读取/写入目录。
如果您想与用户“test”连接到共享,请将其从 /etc/passwd 中删除并在 AD 中创建。