[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !
rowlandpenny at googlemail.com
Mon Jun 16 11:19:11 MDT 2014
On 16/06/14 18:04, CpServiceSPb . wrote:
> I will look at wiki look further and further.
> But if ou have useful, really useful link, please send or post.
> I talk about info where interoperation between Samba4 and OS local
> security subsystem is described.
> >Because your users are storing information on the underlying OS, if the
> >underlying OS doesn't know the user, it will not store the information
> >or allow connection to it.
> Again, when I add user to Samba4, he/she is stored in Samba4 only. Do
> you agree with the statement ?
Yes, your users need only exists in samba4 AD, BUT the underlying OS
that samba4 runs on needs to access the samba 4 AD as well.
> >I fully understand the question, you seem to be unable to understand
> the answers, or are unwilling to do so.
> I understand your phrases. But you didn' t provide any proofs/links.
I did provide you with a link to the samba wiki.
> You can even be partly or fully right, but without any proofs I can
> estimate your answers as your oppinion. But I need explonation or at
> least proofing and solution.
I am not going to surf the internet for you, read the rest of the wiki,
there is a lot on there, do google searches etc.
> Regarding Wiki, exact link you sent, it doesn' t explain, it describe
> "Make domain users/groups available locally through Winbind" only.
You were/are talking about using the samba4 AD server to store/server
shares, you need to ensure that your OS/samba is set up correctly.
> And it can be understood in a double way, as yours one and as my
> > You do not need to create the users as Unix users as well, you just
> need to make the underlying OS be able to get the users
> > from AD, on the samba4 AD you need to set up the winbind links and
> edit /etc/nsswitch
> It is: net user->Samba4->Pam (OS authorize/security subsystem) ->
> Samba4 (via nssswitch) . There is partial cycling.
If you only have windows users, you only need to get the samba4 builtin
winbind working correctly, if you also have unix users, it gets a bit
more technical, you have to use sssd or nslcd etc, here again, all the
info is on the wiki.
> > If you are accessing the shares over the net, you are accessing them
> locally on the OS.
> Ok. But Samba4 works from Roo as I remember. There are no problems.
Go on, I give in, what is 'Roo' ???
> And thirdly, one question you didn' t post anything.
> I got working configuration whe I use Samba4 in AD DC mode without any
> else. Why. What is difference ?
As standard, samba4 as an AD DC works just like a windows AD DC, the
problems start to arise when you try to use the samba4 AD DC as a
fileserver as well.
More information about the samba