[Samba] Local account login failed when samba join to LDAP

Johnson Cheng Johnson.Cheng at QsanTechnology.com
Tue Apr 1 04:44:52 MDT 2014


Dear Rowland,

That's a point.
AD will check to see if the user exists; if the user does not exist, the local passwd file is checked.
I just don't understand why LDAP doesn't follow this behavior. LDAP doesn't check local passwd file if user does not exist on LDAP server.

Regards,
Johnson

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: Tuesday, April 01, 2014 3:54 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Local account login failed when samba join to LDAP

On 01/04/14 06:57, Johnson Cheng wrote:
> Dear Steve,
>
> I am not sure if I get your point.
> Does "ldap can hold all the information in just one db" mean it doesn't work when I have two DBs, tdbsam and ldapsam?
>
> When samba3 joins AD, it can work on both local accounts and AD accounts. Why can LDAP only support a DB?
>
You cannot use two samba databases; AD only uses one database; local users are NOT part of AD.
When you log in to a machine that is joined to an AD server, AD is checked to see if the user exists; if the user does not exist, the local passwd file is checked and if the user exists there (and the password is correct), they can log in. If the local user then goes to another machine and tries to log in, it will fail because the local user is not in AD or a local user on that machine. An AD user can log in to any machine that is joined to the AD domain.

Rowland
