[Samba] Workstations are member servers (or domain members) Re: Samba AD PDC , LDAP and Single-Sign-On

Andrew Bartlett abartlet at samba.org
Sat Oct 10 03:01:03 UTC 2015


On Fri, 2015-10-09 at 20:37 -0400, Mark Foley wrote:
> On Sat, 10 Oct 2015 08:23 Andrew Bartlett wrote:

> 
> Yes, that does clarify and give me comfort with respect to naming.  I
> understand that the office-central Samba4 AD/DC is quite logically a
> "server", and I now understand that my personal linux desktop in my
> private office is also referred to as a "member server" (or will be
> when I get it set up properly), even though my brain thinks of it as a
> "client" of the AD "server".  OK, not the first time these terms have
> gotten scrambled in my mind.

The confusion comes because the other potential device is a 'member
server' acting as a file server, and that is both far more common, and
really a server.  The article is aimed at helping set this up, and
happens to cover your case almost by coincidence.

> I'm not deep enough into it yet to grasp what you mean by
> "pam_winbindd is mandatory". So far, Rowland, Sketch and their
> referenced link
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> are omitting references to PAM, but I'll cross that bridge if/when I
> get there.

PAM is what will allow your console login to take the AD password.
Otherwise, you get AD users and groups (via nss_winbind), but you can't
log in with them by typing a password. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
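
The NSS/PAM split described in the reply above, as an added example that is not part of the original message: it reads an nsswitch.conf and a PAM stack and reports whether a domain member only resolves AD accounts or can also accept their passwords. The function names and sample file contents are constructed, and the PAM lines are assumed to be in /etc/pam.d format.

```python
# Added example; function names and sample configs are constructed for illustration.

def nss_winbind_dbs(nsswitch_text):
    """Return which of passwd/group list 'winbind' as a source in nsswitch.conf."""
    found = set()
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        if db.strip() in ("passwd", "group") and "winbind" in sources.split():
            found.add(db.strip())
    return found

def pam_auth_has_winbind(pam_text):
    """True if an active 'auth' line (/etc/pam.d format) loads pam_winbind.so."""
    for raw in pam_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens and tokens[0].lstrip("-") == "auth":
            # The control field may be bracketed and contain spaces, so scan all tokens.
            if any(t.split("/")[-1] == "pam_winbind.so" for t in tokens[1:]):
                return True
    return False

def login_state(nsswitch_text, pam_text):
    """Classify a domain member: 'nss+pam', 'nss-only', 'pam-only' or 'none'."""
    nss = "passwd" in nss_winbind_dbs(nsswitch_text)
    pam = pam_auth_has_winbind(pam_text)
    return {(True, True): "nss+pam", (True, False): "nss-only",
            (False, True): "pam-only", (False, False): "none"}[(nss, pam)]

# Constructed sample files.
NSSWITCH = "passwd: files winbind\ngroup:  files winbind\nhosts: files dns\n"
PAM_LOCAL_ONLY = "auth required pam_unix.so\n#auth sufficient pam_winbind.so\n"
PAM_WITH_WINBIND = (
    "auth [success=2 default=ignore] pam_unix.so nullok\n"
    "auth [success=1 default=ignore] pam_winbind.so use_first_pass\n"
    "auth requisite pam_deny.so\n"
    "auth required pam_permit.so\n"
)

if __name__ == "__main__":
    # AD accounts resolve, but no PAM module will accept their password.
    print(login_state(NSSWITCH, PAM_LOCAL_ONLY))
    # AD accounts resolve and pam_winbind can check the typed password.
    print(login_state(NSSWITCH, PAM_WITH_WINBIND))
```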





