I have noticed that after configuring the Active Directory services to allow access to SAMBA with both domain users and local users, upon restarting TrueNAS, it does not allow access to local users in Samba. After comparing the output of the "testparm" command when it works with both users (local and Active Directory), I have noticed that when it does not work, the following line is missing in the [GLOBAL] block:
passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
To fix this, I edited the file with "nano /usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py" and added the line in the script, resulting in the final outcome as follows:
AD_SMBCONF_PARAMS = {
"server role": "member server",
"kerberos method": "secrets and keytab",
"security": "ADS", "local master": False,
"domain master": False,
"preferred master": False,
"winbind cache time": 7200,
"passdb backend": "tdbsam:/var/run/samba-cache/private/passdb.tdb",
"winbind max domain connections": 10,
"client ldap sasl wrapping": "seal",
"template shell": "/bin/sh",
"template homedir": None,
"ads dns update": None,
"realm": None,
"allow trusted domains": None,
"winbind enum users": None,
"winbind enum groups": None,
"winbind use default domain": None,
"winbind nss info": None,
}
Now, after restarting TrueNAS, both local users and Active Directory users connect perfectly.
passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
To fix this, I edited the file with "nano /usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py" and added the line in the script, resulting in the final outcome as follows:
AD_SMBCONF_PARAMS = {
"server role": "member server",
"kerberos method": "secrets and keytab",
"security": "ADS", "local master": False,
"domain master": False,
"preferred master": False,
"winbind cache time": 7200,
"passdb backend": "tdbsam:/var/run/samba-cache/private/passdb.tdb",
"winbind max domain connections": 10,
"client ldap sasl wrapping": "seal",
"template shell": "/bin/sh",
"template homedir": None,
"ads dns update": None,
"realm": None,
"allow trusted domains": None,
"winbind enum users": None,
"winbind enum groups": None,
"winbind use default domain": None,
"winbind nss info": None,
}
Now, after restarting TrueNAS, both local users and Active Directory users connect perfectly.