[Samba] Samba forces domain members to use winbind now

Rowland Penny rpenny at samba.org
Fri Mar 4 20:05:38 UTC 2022


On Fri, 2022-03-04 at 19:43 +0000, Vaughan, Robert J via samba wrote:
> > The 'nss' backend requires you to have the same users in your database
> > and AD and the AD users would be mapped to the users in your database.
> 
> Yes, that is correct, our UNIX LDAP has the same users in it as AD
> minus those who do not use SAMBA (so it is a subset of AD)

Well, you could look at it that way, but I wouldn't.

> 
> > As you have already admitted that the ldap is only used for authentication
> 
> I thought AD was used for authentication and our LDAP used for
> authorization to the share (via the uid/gid)?

AD normally does both.

> 
> Any idea why stopping samba/winbind and having to delete the tdb
> files is necessary to get it working again?  Did you think that some
> problem looking them up in AD or our LDAP might result in winbind
> creating a mapping in tdb for that user that then would not have
> permissions on the share?

I thought I already said that, there is some reason why it keeps
breaking down, something that could easily be fixed by moving
everything into AD and turning your ldap off.

Rowland




