[Samba] Question on approach to authenticate Linux against Samba4

Jonathan Buzzard jonathan at buzzard.me.uk
Thu Jul 25 13:42:58 MDT 2013

On 25/07/13 17:59, dahopkins at comcast.net wrote:

> 1) will the unixHomedirectory be honored?
> 2) will I be able to easily add users so that the unix settings will
> be properly configured? I currently use the IDEALX smbldap tools.
> Being able to script account creation is very important to me ..
> adding 200+ user accounts manually each year is not very appealing.
> ;)

It is scriptable, though to be honest a powershell script from Windows 
probably works better at this point in time.

> 3) Will the scripting tools be able to automatically assign a unique
>  uid for each unix account. Current approach uses NextFreeUnixID but
>  this does not exist in the Samba4 database (the ldap entry is shown
>  below )

Nope. Either maintain the accounts somewhere else where you can do that 
and have a script that then creates and disables accounts as needed in 
AD, or have your script look for the highest UID and increment from that.

> I have read through the recent thread on winbind and honestly I am
> not sure that I want to pursue either winbind or sssd if it is
> possible to use nss_pam_ldap which seems closest to the current
> approach.

Assuming these are Linux workstations, then sssd is the way to go for 
the future. If you are running a samba 3.x member file server then I 
personally would use winbind. I have not looked at Samba4 yet (campus 
agreements in higher education where I work make real Microsoft AD 
controllers very very cheap that why would you do it), but there are 
reports of issues with winbind on samba4 file servers. Then again I 
would be hesitant in putting a Samba 4 file server into production. You 
gain little over a Samba 3.6.x server.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list