[Samba] Workstations are member servers (or domain members) Re: Samba AD PDC , LDAP and Single-Sign-On

Mark Foley mfoley at ohprs.org
Sat Oct 10 00:37:21 UTC 2015


On Sat, 10 Oct 2015 08:23 Andrew Bartlett wrote:

> The main difference between use as a file server vs use as a desktop,
> is that pam_winbindd is mandatory for the Samba method (see elsewhere
> for using sssd or other tools), as that will get you the desktop
> login.

Yes, that does clarify and give me comfort with respect to naming.  I understand
that the office-central Samba4 AD/DC is quite logically a "server", and I now
understand that my personal linux desktop in my private office is also referred
to as a "member server" (or will be when I get it set up properly), even though
my brain thinks of it as a "client" of the AD "server".  OK, not the first time
these terms have gotten scrambled in my mind. 

I'm not deep enough into it yet to grasp what you mean by "pam_winbindd is
mandatory". So far, Rowland, Sketch and their referenced link
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
are omitting references to PAM, but I'll cross that bridge if/when I get there.

Thanks, --Mark

-----Original Message-----
> Subject: Workstations are member servers (or domain members) Re: [Samba]
>  Samba AD PDC , LDAP and Single-Sign-On
> From: Andrew Bartlett <abartlet at samba.org>
> To: Mark Foley <mfoley at ohprs.org>, samba at lists.samba.org
> Date: Sat, 10 Oct 2015 08:23:23 +1300
>
> On Thu, 2015-10-08 at 18:08 -0400, Mark Foley wrote:
> > On Thu, 8 Oct 2015 15:46 Sketch wrote:
> > 
> > > It's easy in Linux with Samba as well.  You basically just need to
> > > follow the directions here:
> > > 
> > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> > 
> > Thanks for the feedback.  OK, I'll check out your link ASAP.  The "Server" bit
> > in the link gives me pause.  I *have* a Samba4 AD/DC "server" already.  I think
> > the linux workstations need to be "clients", but maybe this is just a matter of
> > semantics.  I'll research.
>
> In short, workstations are member servers too.  
>
> I do thank you for pointing out the gap in our naming scheme here -
> indeed we deviate a little from the common usage by saying 'member
> server' not 'domain member', but I can confirm that a linux-installed
> laptop and a windows-installed laptop desiring single-sign-on from the
> login prompt should be configured as 'domain members' or as we put it
> in that link, 'member servers'.
>
> The main difference between use as a file server vs use as a desktop,
> is that pam_winbindd is mandatory for the Samba method (see elsewhere
> for using sssd or other tools), as that will get you the desktop
> login.
>
> I hope this clarifies things,
>
> Andrew Bartlett
>
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>