[Samba] Dual Authentication: Local and Active Directory
Robert Freeman-Day
presgas at gmail.com
Sun Sep 18 08:35:14 MDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yes, linux should be able to auth local and AD users. You would need to
make sure "/etc/nsswitch.conf" and your pam modules are configured
correctly.
At the very least, nsswitch should look similar to this:
passwd: compat winbind
group: compat winbind
shadow: compat winbind
Pam is a bit more complicated and you should read up on your
distribution's documentation or really know what you are doing.
However if you are running RHEL/Fedora, you could get it going with one
command (all on one line):
authconfig --update --enablepamaccess --enablelocauthorize --enablekrb5
- --enablewinbind --enablewinbindauth --enablewinbindoffline
--enablemkhomedir
So, this command sets up pam access with local
authentication/authorization as well as AD kerberized authentication and
AD winbind authorizaton. New users will have a home directory created
and it allows the opening for cached "offline" logins for AD people.
Hope that gets you started,
Robert
On 09/16/2011 06:59 PM, Aaron Clausen wrote:
> I was wondering if it was possible to get a Samba server that was
> acting as an AD member server to also be able to authenticate local
> users, or is stuck just serving AD users?
>
- --
________
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk52AaIACgkQup357T5MfTYGJgCdH5PcP2f6a9eGLqnwmnDrV8By
4rsAn3dYjulQzNfuvwCpW9/O9QHHONMq
=esal
-----END PGP SIGNATURE-----
More information about the samba
mailing list