[Samba] winbind pam nsswitch question

Greg Adams gadams at gmail.com
Wed Oct 6 15:25:35 GMT 2004


I am setting up a Samba 3.0.6 ADS member server, configured like this:

Windows 2000 ADS Server
Samba 3.0.6 ADS member server (Solaris 9) is a member of ADS domain
Windows XP clients are members of ADS domain, require access to Samba
shares on Solaris server.

I'm trying to make it so that I don't have to maintain a usermap to
map all of the users or groups in the ADS domain on the Solaris
server. I think I still need winbindd running in order for Samba to be
able to enumerate the users and groups on the ADS server, but I'm
confused as to which parts of the tutorials to follow. I don't want
the ADS accounts to be able to log in to the Solaris server, I just
want them to be able to map drives. I also don't want to have files
that the ADS accounts access to have user or group ownership based on
their ADS accounts... I'd like to force all the ADS users to a single
Solaris account. From looking at the tutorials, I'm thinking that I'll
use Unix directory permissions to achieve that instead of "force user"
in smb.conf. Here are my questions:

1. The By Example document talks about adding winbind to
/etc/nsswitch.conf and putting libnss_winbind.so in my /usr/lib
directory. Is this required for the situation described above, or is
this only required if you want to be able to log into the Solaris
server using an ADS account and password?

2. The Official Howto talks about adding pam_smbpass.so and/or
pam_winbind.so entries to /etc/pam.conf. Again, is this required for
the situation described above, or is this only required for logging
into Unix with ADS accounts?

Thanks for any info...

Greg Adams

