[Samba] Samba as a domain member:
Andrew Bartlett
abartlet at samba.org
Mon Jun 15 19:57:07 UTC 2020
On Mon, 2020-06-15 at 12:02 -0500, Christopher Cox via samba wrote:
> On 6/15/20 11:29 AM, Rowland penny via samba wrote:
> ... snippity
> > You also have 'unix password sync = Yes', you should remove this,
> > you cannot
> > have users in /etc/passwd and AD.
>
> Actually, as far as a base statement, you can have both, that is, the
> idea of a
> username in Windows AD and the same username in /etc/passwd. The
> namespaces are
> not cojoined. However, that doesn't mean "unix password sync" is
> ok. I don't
> know enough about the assumptions being made inside of samba with
> regards to that.
It is all a bit moot anyway, unless there is a local passdb entry for
the local user, the SAMR server won't operate for that user and so
there will be no way to change the password.
AD passwords are changed on a domain controller, not on or via the
domain member.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list