[Samba] Local account login failed when samba join to LDAP

Chan Min Wai dcmwai at gmail.com
Tue Apr 1 06:41:22 MDT 2014


Dear Jason,


I think you have the wrong idea.
1. If you remember, you need to do an smb user conversion before you can use Samba.
So this is the catch.
Samba never, never supports local /etc/passwd authentication.

Then we come to Samba PDC with LDAP.
You need to configure the password and user info in LDAP.
BUT your Linux system needs to know the LDAP info for its own use, like home, shell, etc.
And you have a tool called smbldap-tools which does password sync if you change the password from Samba or from local Unix.

Again, Samba never authenticates with local.

So I guess that's all you need to know.

Regards, 
Chan Min Wai 

> Rowland Penny <rowlandpenny at googlemail.com> wrote on 01/04/2014 7:09 PM:
> 
>> On 01/04/14 11:44, Johnson Cheng wrote:
>> Dear Rowland,
>> 
>> That's a point.
>> AD will check to see if the user exists, if the user does not exist, the local passwd file is checked.
>> I just don't understand why LDAP doesn't follow this behavior. LDAP doesn't check local passwd file if user does not exist on LDAP server.
>> 
>> Regards,
>> Johnson
> You seem to be missing the point here, AD doesn't check anything, just like LDAP doesn't check anything. They, along with /etc/passwd, are a form of database and THEY are checked for a user.
> 
> If you run samba3 as an NT4 PDC, and connect to it with smbclient, then all that gets checked is whatever database you tell samba to use, be it tdbsam or ldapsam etc, it does not check local users, this is why any local users on a machine that you want to be samba users also have to exist in LDAP etc.
> 
> Rowland
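The point made in this thread, that Samba consults only the configured passdb backend and never /etc/passwd, can be checked on a host by comparing the two account lists. The following is an added example, not code from the thread or from the Samba project; the smb.conf text, passwd entries and `pdbedit -L` output are constructed samples, and the `min_uid` cut-off of 1000 for regular accounts is an assumption.

```python
import re

# Constructed sample inputs (not taken from the thread).
SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   security = user
   passdb backend = ldapsam:ldap://ldap.example.com
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jason:x:1000:1000:Local only:/home/jason:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""
# Shape of `pdbedit -L` output: username:uid:full name
PDBEDIT_L = """\
alice:1001:Alice
bob:1002:Bob
"""

def passdb_backend(smb_conf):
    """Return the [global] 'passdb backend' value, or None if it is not set."""
    section, value = None, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # smb.conf parameter names ignore case and internal whitespace
            if re.sub(r"\s+", "", key).lower() == "passdbbackend":
                value = val.strip()
    return value

def missing_from_passdb(passwd, pdbedit_l, min_uid=1000):
    """Unix accounts (uid >= min_uid) with no entry in the Samba passdb."""
    samba_users = {e.split(":", 1)[0] for e in pdbedit_l.splitlines() if e.strip()}
    missing = []
    for entry in passwd.splitlines():
        f = entry.split(":")
        if len(f) >= 3 and f[2].isdigit() and int(f[2]) >= min_uid and f[0] not in samba_users:
            missing.append(f[0])
    return missing

if __name__ == "__main__":
    print("passdb backend:", passdb_backend(SMB_CONF))
    print("local accounts Samba cannot authenticate:", missing_from_passdb(PASSWD, PDBEDIT_L))
```

On a real server the three strings would be replaced by the contents of smb.conf, /etc/passwd and the output of `pdbedit -L`.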

