[Samba] Local account login failed when samba join to LDAP

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 1 05:09:09 MDT 2014


On 01/04/14 11:44, Johnson Cheng wrote:
> Dear Rowland,
>
> That's a point.
> AD will check to see if the user exists, if the user does not exist, the local passwd file is checked.
> I just don't understand why LDAP doesn't follow this behavior. LDAP doesn't check local passwd file if user does not exist on LDAP server.
>
> Regards,
> Johnson
You seem to be missing the point here, AD doesn't check anything, just 
like LDAP doesn't check anything. They, along with /etc/passwd, are a 
form of database and THEY are checked for a user.

If you run samba3 as a NT4 PDC, and connect to it with smbclient, then 
all that gets checked is whatever database you tell samba to use, be it 
tdbsam or ldapsam etc, it does not check local users, this is why any 
local users on a machine that you want to be samba users also have to 
exist in LDAP etc.

Rowland
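
The reply above says Samba consults only the configured passdb backend (tdbsam, ldapsam, etc.), so a purely local account is invisible to it. As an added example that is not part of the original message, this sketch lists local login accounts that are absent from the backend by comparing passwd(5)-format text with `pdbedit -L` output. The sample data, the function names and the UID cutoff of 1000 are assumptions made for illustration.

```python
# Added example: which local login accounts are missing from Samba's passdb?
# All sample data is constructed. On a real host, feed in the contents of
# /etc/passwd and the output of `pdbedit -L` (lines of name:uid:fullname).

# Shells that mark an account as non-interactive (assumed list).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def local_login_users(passwd_text, min_uid=1000):
    """Return interactive local users; min_uid=1000 is a distro-dependent assumption."""
    users = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed entry
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid >= min_uid and shell not in NOLOGIN_SHELLS:
            users.append(name)
    return users

def passdb_users(pdbedit_text):
    """Return the set of account names found in `pdbedit -L` output."""
    return {line.split(":", 1)[0].strip().lower()
            for line in pdbedit_text.splitlines() if ":" in line}

def missing_from_passdb(passwd_text, pdbedit_text):
    """Local login users that the Samba passdb backend does not know about."""
    known = passdb_users(pdbedit_text)
    return [u for u in local_login_users(passwd_text) if u.lower() not in known]

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:1002:1002::/var/backup:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

SAMPLE_PDBEDIT = """\
alice:1000:Alice
carol:1003:Carol
"""

if __name__ == "__main__":
    for user in missing_from_passdb(SAMPLE_PASSWD, SAMPLE_PDBEDIT):
        print(f"{user}: local account only, not in the Samba passdb backend")
```
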

