[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

Mon Jun 16 11:46:24 MDT 2014

Top posting.

You can argue all you want with Roland - but frankly he's some of the very best help available. [And it's clear you're already irritating him quite a bit, and probably, by association, many others who might contemplate helping you.]

I've not used Winbind or sssd to handle a situation like you want to do, but lots of people HAVE done so successfully. So, claiming Rowland is just puffing up his "opinion" isn't likely to improve your case.

Go back and review some of the list threads - there are many on Winbind and sssd. Read the wiki. Then, if you have some *specific* technical question you can't solve, then ask it. But pissing on the best people here isn't going to endear you to anyone who is likely to be able to help.

C> I will look at wiki look further and further.
C> But if ou have useful, really useful link, please send or post.
C> I talk about info where interoperation between Samba4 and OS local security
C> subsystem is described.

>>Because your users are storing information on the underlying OS, if the
>>underlying OS doesn't know the user, it will not store the information
>>or allow connection to it.

C> Again, when I add user to Samba4, he/she is stored in Samba4 only. Do you
C> agree with the statement ?

>>I fully understand the question, you seem to be unable to understand the
C> answers, or are unwilling to do so.

C> I understand your phrases. But you didn' t provide any proofs/links.
C> You can even be partly or fully right, but without any proofs I can
C> estimate your answers as your oppinion. But I need explonation or at least
C> proofing and solution.
C> Regarding Wiki, exact link you sent, it doesn' t explain, it describe "Make
C> domain users/groups available locally through Winbind" only.
C> And it can be understood in a double way, as yours one and as my assumption.

>> You do not need to create the users as Unix users as well, you just need
C> to make the underlying OS be able to get the users
>> from AD, on the samba4 AD you need to set up the winbind links and edit
C> /etc/nsswitch

It is: net user->>Samba4->Pam (OS authorize/security subsystem) -> Samba4
C> (via nssswitch) . There is partial cycling.

>> If you are accessing the shares over the net, you are accessing them
C> locally on the OS.
C> Ok. But Samba4 works from Roo as I remember. There are no problems.

C> And thirdly, one question you didn' t post anything.
C> I got working configuration whe I use Samba4 in AD DC mode without any
C> else. Why. What is difference ?