[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

[Rowland Penny]

On 14/06/14 01:20, CpServiceSPb . wrote:
> There is Samba4 4.1.8 as StandAlone server role is installed at ubuntu
> 14.04 LTS from sources.
> There is samdb_dbds as passdb backend.
> Provisioning and adding user to Samba4 is successful.
> But there is no such user exactly at Ubuntu OS users.
> And I don' t want that there would be such user at OS !!
> But shares can not be accessed from Win XP/7 clients - user credentials are
> asked again and again even after right user/pass is gone to Samba4 from
> clients.

This is because the underlying OS does not know about your AD users.

> And error "user in passdb, but getpwnam() fails! " is appeared in smbd.log.
> I have found the following at here:
> http://serverfault.com/questions/152961/user-in-passdb-but-getpwnam-fails

That will never work, it is all about 'classic' samba with LDAP

> What could somebody recommend that make working solution ?
> In case of DC Samba4 role everything work fine.
> I don' t want to have user what is in Samba4 in OS !!
> I want to have differentb users for different apps !!
You need to get your OS to know about your AD users, this is usually 
done by altering /etc/nsswitch.conf

Have a look here: 
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

Specifically: Make domain users/groups available locally through winbind

Rowland