[Samba] Local account login failed when samba join to LDAP

steve steve at steve-ss.com
Wed Apr 2 06:08:14 MDT 2014


On Wed, 2014-04-02 at 12:45 +0100, Rowland Penny wrote:

> If your samba3 machine is joined to the AD domain, it is a domain
> member, the ONLY place that will be checked to see if a user exists is
> AD. A user can only exist in AD, they cannot also be local users.

Hi
I think there is confusion between what we understand by: local users,
Linux users, AD users, domain users and LDAP users. Can't we adjust this
by the nss? We can have it look for local users first:
passwd: files winbind

or Windows users first:
passwd: winbind files

If you use ldap:
passwd: files ldap

If the local user isn't found, it will then look in LDAP and then pass
it to PAM.

You can have both your Linux users and your domain users in LDAP as you
can in AD. The disadvantage of AD for Linux-only users is that you must
also have the Windows-specific attributes even though you may never use
them.

Thanks,
Steve
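
Added example, not part of the original message: a small Python model of how glibc walks the passwd line in /etc/nsswitch.conf, showing which source answers when the same login name exists both locally and in the domain. The backend contents and the names parse_passwd_line, resolve and BACKENDS are constructed for illustration; a service missing from BACKENDS (ldap here) is treated as unavailable.

```python
import re

# Default glibc action for each lookup status.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# Constructed sample data: "steve" exists both locally and in the domain.
BACKENDS = {
    "files":   {"root": "uid=0", "steve": "uid=1000 (local)"},
    "winbind": {"steve": "uid=3000012 (domain)", "rowland": "uid=3000010 (domain)"},
}

def parse_passwd_line(conf_text):
    """Return [(service, actions)] for the passwd database, in lookup order."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("passwd:"):
            continue
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("passwd:"):]):
            if tok.startswith("["):
                # [STATUS=action] or [!STATUS=action] modifies the preceding service.
                for item in tok[1:-1].split():
                    status, action = item.lower().split("=")
                    negate = status.startswith("!")
                    status = status.lstrip("!")
                    for s in DEFAULTS:
                        if (s == status) != negate:
                            chain[-1][1][s] = action
            else:
                chain.append((tok, dict(DEFAULTS)))
        return chain
    return []

def resolve(chain, backends, user):
    """Walk the chain; return (service, entry) for the first hit, else None."""
    for service, actions in chain:
        if service not in backends:
            status = "unavail"      # no such backend configured on this host
        elif user in backends[service]:
            status = "success"
        else:
            status = "notfound"
        if actions[status] == "return":
            return (service, backends[service][user]) if status == "success" else None
    return None

if __name__ == "__main__":
    for conf in ("passwd: files winbind", "passwd: winbind files"):
        print(conf, "->", resolve(parse_passwd_line(conf), BACKENDS, "steve"))
```

This models name lookup only; authentication is handled separately by PAM.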



