[Samba] Winbind and AD: Local users with identical AD usernames

Rowland Penny rpenny at samba.org
Tue Jun 20 12:09:00 UTC 2023



On 20/06/2023 13:00, Stefan Kania via samba wrote:
> Hi Stefan,
> 
> On 20.06.23 at 13:33, Sabolowitsch, Stefan via samba wrote:
>> Hi there,
>> I hope someone can help me with this question.
>>
>> We successfully got Samba 4.11 up and running with Winbind on our SLES 
>> 15.2.
> First thing: 4.11 is far, far out of service; you should not use it in a 
> production environment. Use 4.17 or, better, 4.18.
>> The Linux server is a member of the Windows domain.
>> Due to a user with identical name in AD as well as locally on the 
>> Linux server, we have the following problem.
>>
>> How can we make sure that the "local user" (with the same name in AD) 
>> is accessed only via ssh and the "AD user" only via smb?
>>
> You could maybe manage this via pam.

Stefan, in my opinion, this is a very bad idea.
What if the username is 'stanley' and the AD user is called 'Stanley 
Thebigboss' and the local user is called 'Stanley Isweepthefloors'? Just 
how is the OS supposed to differentiate between them? If they are the 
same user, why would you need two accounts?
Just my 1p's worth.

Rowland


