[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 16 06:33:32 MDT 2014

On 16/06/14 12:47, CpServiceSPb . wrote:
> >>/  There is Samba4 4.1.8 as StandAlone server role is installed at ubuntu
> />/> 14.04 LTS from sources.
> />/> There is samdb_dbds as passdb backend.
> />/> Provisioning and adding user to Samba4 is successful.
> />/> But there is no such user exactly at Ubuntu OS users.
> />/> And I don' t want that there would be such user at OS !!
> />/> But shares can not be accessed from Win XP/7 clients - user credentials are
> />/> asked again and again even after right user/pass is gone to Samba4 from
> />/> clients.
> /
> > This is because the underlying OS does not know about your AD users.
> Just a minute ! I have Samba4 4.1.8 which shares folders on NTFS mounted partitions.
> And as I understand Samba4 provides access to such shares.
> So, tell me how or what way is OS connected with serving this shares ?

At the moment your samba4 AD DC is only doing authentication i.e. your 
windows machines are asking your samba4 AD 'Do you know this user?' Your 
samba4 AD DC will answer 'yes' or 'no'.

Your user then attempts to connect to a share stored on the samba4 AD DC 
which knows the user BUT the underlying OS has to know the user as well, 
so it asks 'Do I know this user' and if the answer is 'no' because it 
cannot connect to the AD DC (because you haven't set it up to do so) it 
will ask for a password and try again and again until it gets fed up and 
declines to connect your AD user.

Does that answer your rather stupid question ???

I thought that the link to the wiki page would have given you a hint, 
there was the word 'local' in there.


> What or hiw is OS taken part in it ?
> By the way, if Samba4 acts as DC, nothing else is needed. All works fine without additional activity.

More information about the samba mailing list