[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

Stéphane PURNELLE stephane.purnelle at corman.be
Mon Jun 16 09:19:48 MDT 2014


I don't have your first mail... so could you tell me what do you want to 

I jsut understand that you have a samba 4 server acting as a DC 
You have a file server (samba or Windows ?) and you want to user access to 
share ?

I need just to know where is users (in A DC or a standalone server ) ?



Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

De :    "CpServiceSPb ." <cpservicespb at gmail.com>
A :     samba at lists.samba.org, 
Cc :    rowlandpenny at gmail.com
Date :  16/06/2014 17:12
Objet : [Samba] Disable Pam checking for Samba4 Standalone role server 
with samdb_dbds as passdb backend !
Envoyé par :    samba-bounces at lists.samba.org

> At the moment your samba4 AD DC is only doing authentication i.e. your 
windows machines are asking your samba4 AD 'Do you
> know this user?' Your samba4 AD DC will answer 'yes' or 'no'.
Let's assume.
> Your user then attempts to connect to a share stored on the samba4 AD DC 
which knows the user BUT the underlying OS has to know
> the user as well,
So, very intellegent man, why so, that' s why does underlying OS have
to know that the user is well also ?
If Samba4 provide access to shares and serve access to it.
> Specifically: Make domain users/groups available locally through 
For 2 lines just above: I DON'T NEED access locally - I don' t want to
use Samba4 users for access OS and OS non shared folders.
I need only access to shares from the net, not to local equivalent of
its shares.

If it is your se..al fantasies, that' s ok, but don' t neet to show
your bad manners saying that "rather stupid question" .
Even if you have not understood partially or fully the question.
Otherwise, firstly, provide some proofs/link/rfcs or some look like
this or try to understand more deeply the question.

I can in my own make assumption that in the case of Samba4 and Linux
OS for Samba4 handled shares Samba4 only check user existence,
but password checking for such user makes Linux OS but I don' t know
exactly is there so or not.
But why is it not necessary in case of Samba4 AD DC mode. I made such
question also (in one of previous message) .

I added user only to Samba4 (AD DC) , and not also to OS.
And access is for net share from a net, not to the physical folder
locally. And to shares are handled by Samba4.

May be there is some info I simply don' t know about. But I don' t
have any internal plans/info from Samba4 devteam regarding
this 'question' . That is such is had to be: Samba4+OS pam for Samba4
shares access from net, not using Samba4 users for access
to OS and not shared folders.

May be or if you have such info, it is not a reason to say that
"rather stupid question" without doing logical, reasonable
and senseable explanation and without providing current and real (valid) 

As shortly: I need acces to Samba4 shares from a net using Samba4
users, not access to OS using Samba4 users.

In case of having access to OS locally using Samba4 users (users who
re in Samba4) winbindd connections to OS pam is necessary. I agree
with it.
More over, when I used Samba3 I was compelled to use winbindd with nss.

If such combinations for my situation is necessary, please provide a
link to some proof.
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list