Samba AD DC and winbindd
Rowland Penny
repenny241155 at gmail.com
Fri Feb 26 16:46:56 UTC 2016
On 26/02/16 14:27, mathias dufresne wrote:
> Sorry to come into but removing a potentially useful option because of lack
> of documentation on some other part of Samba seems to me a strange
> decision...
>
>
Yes it would seem that the docs do need updating, but to tell sysadmins
that you cannot have a user 'foo' in /etc/passwd *and* AD if you have
'winbind use default domain = yes' in smb.conf.
If you don't have the line in smb.conf, you can have a user 'foo' in
both /etc/passwd and AD, but the AD user will be shown as 'DOMAIN\foo'.
I have never tried it, but you should be able to log in as either 'foo'
or 'DOMAIN\foo', just like on a windows PC, this sort of explains why
the default home directory on a DC is '/home/DOMAIN/%U'. I also believe
that you should be able to map the AD user 'DOMAIN\foo' to the Unix user
'foo' via a username map.
If you do have the line in smb.conf, then the AD user 'foo' becomes the
Unix user 'foo', hence you cannot create a Unix user called 'foo' in
/etc/passwd, this is because, as far as the Unix machine is concerned,
the user already exists.
Rowland
More information about the samba-technical
mailing list