[Samba] ads authentication and Solaris

Greg Byshenk samba at byshenk.net
Tue Sep 30 18:26:43 GMT 2008

On Mon, Sep 29, 2008 at 10:05:17AM -0700, William Wilson wrote:

> We have a number of Solaris servers that we run samba shares off of.  
> So far, even using ads for authentication, we have to set up accounts  
> so an entry is in the passwd file for the user. Is there any way to  
> bypass passwd completely and just authenticate via the domain?

I'm not currently running samba on Solaris, but have been playing a
bit with using pure ADS auth on a FreeBSD machine, and it seems to

What is required is to enable pam_winbind for ssh (and presumably
for anything else desired, but I've only done ssh connections so
far), set winbind for 'passwd' and 'group' entries in nsswitch.conf,
and mount /home at /home/<DOMAIN>.

Currently you have to login as <DOMAIN>\user, but I believe that
setting 'winbind use default domain = yes' in smb.conf should 
allow "bare" usernames. (I haven't got so far as testing this, yet.)

greg byshenk  -  gbyshenk at byshenk.net  -  Leiden, NL

More information about the samba mailing list