[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 16 11:19:11 MDT 2014

On 16/06/14 18:04, CpServiceSPb . wrote:
> I will look at wiki look further and further.
> But if ou have useful, really useful link, please send or post.
> I talk about info where interoperation between Samba4 and OS local 
> security subsystem is described.
> >Because your users are storing information on the underlying OS, if the
> >underlying OS doesn't know the user, it will not store the information
> >or allow connection to it.
> Again, when I add user to Samba4, he/she is stored in Samba4 only. Do 
> you agree with the statement ?
Yes, your users need only exists in samba4 AD, BUT the underlying OS 
that samba4 runs on needs to access the samba 4 AD as well.

> >I fully understand the question, you seem to be unable to understand 
> the answers, or are unwilling to do so.
> I understand your phrases. But you didn' t provide any proofs/links.

I did provide you with a link to the samba wiki.

> You can even be partly or fully right, but without any proofs I can 
> estimate your answers as your oppinion. But I need explonation or at 
> least proofing and solution.

I am not going to surf the internet for you, read the rest of the wiki, 
there is a lot on there, do google searches etc.

> Regarding Wiki, exact link you sent, it doesn' t explain, it describe 
> "Make domain users/groups available locally through Winbind" only.

You were/are talking about using the samba4 AD server to store/server 
shares, you need to ensure that your OS/samba is set up correctly.

> And it can be understood in a double way, as yours one and as my 
> assumption.
> > You do not need to create the users as Unix users as well, you just 
> need to make the underlying OS be able to get the users
> > from AD, on the samba4 AD you need to set up the winbind links and 
> edit /etc/nsswitch
> It is: net user->Samba4->Pam (OS authorize/security subsystem) -> 
> Samba4 (via nssswitch) . There is partial cycling.
If you only have windows users, you only need to get the samba4 builtin 
winbind working correctly, if you also have unix users, it gets a bit 
more technical, you have to use sssd or nslcd etc, here again, all the 
info is on the wiki.

> > If you are accessing the shares over the net, you are accessing them 
> locally on the OS.
> Ok. But Samba4 works from Roo as I remember. There are no problems.

Go on, I give in, what is 'Roo' ???

> And thirdly, one question you didn' t post anything.
> I got working configuration whe I use Samba4 in AD DC mode without any 
> else. Why. What is difference ?
As standard, samba4 as an AD DC works just like a windows AD DC, the 
problems start to arise when you try to use the samba4 AD DC as a 
fileserver as well.


More information about the samba mailing list