[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

Rowland Penny rowlandpenny at googlemail.com
Mon Jun 16 13:23:36 MDT 2014 

On 16/06/14 19:56, CpServiceSPb . wrote:
> A little bit off-topic.
> I don' t have wishing to irritate anyone.
> And thanks for all who wants and have/had plans to help me.
> But I don' t like when question/phrase/answer is called stupid without any
> reason and rights for it.

I answered your initial post and pointed you at the samba wiki, you 
either didn't read it, understand it, or choose to ignore it. Your 
question was a bit stupid, so I answered it the same ;-)

> Moreover without providing any proofing.

I don't have to give you any proof what so ever, I don't even have to 
point you at what will help you get to where you want to be.

> I think here is showing of bad manner and it doesn' t matter whether you
> are guru or not, you know a lot or not yet and so on. More over when
> somebody's assumptions differs from other one.
> I think there is place for showing of respection for each other. And best
> people, in my oppinion doesn' t have to behaviour way mentioned above.

You mean bad manners like keep opening new threads rather than replying 
in the thread ?

> I have still some spaces in my understanding of interoperatability between
> Samba4 and Pam.

I personally think that you have rather large rifts in your 
understanding ;-)

> I will read as Wiki as other sources. But regarding *specific* question:
> the question is still (for me) is there any way to access to Samba4 shares
> without engaging of OS pam (using Samba4 only) and without Samba4 AD DC
> mode (in which all worked for me without pam using) .

No to the first, whatever way you set up samba4, yes to the second, you 
can always set samba4 up in the 'classic' way, but this would still need 
the underlying OS to know about your samba users.

> If somebody has solution differs from Winbindd and nssswitch, please,
> provide (or links to it) of course, if somebody has and wants to do so.
> Anyway, I will discover this situation in my own and after will choose
> available and suitable for me solution.
>
If you do find a way to get samba working without nsswitch, please do 
let us know, you will have made a major breakthrough ;-)

Rowland

>
> 2014-06-16 21:46 GMT+04:00 Gregory Sloop <gregs at sloop.net>:
>
>>   Top posting.
>>
>> You can argue all you want with Roland - but frankly he's some of the very
>> best help available. [And it's clear you're already irritating him quite a
>> bit, and probably, by association, many others who might contemplate
>> helping you.]
>>
>> I've not used Winbind or sssd to handle a situation like you want to do,
>> but lots of people HAVE done so successfully. So, claiming Rowland is just
>> puffing up his "opinion" isn't likely to improve your case.
>>
>> Go back and review some of the list threads - there are many on Winbind
>> and sssd. Read the wiki. Then, if you have some *specific* technical
>> question you can't solve, then ask it. But pissing on the best people here
>> isn't going to endear you to anyone who is likely to be able to help.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *C> I will look at wiki look further and further. C> But if ou have
>> useful, really useful link, please send or post. C> I talk about info where
>> interoperation between Samba4 and OS local security C> subsystem is
>> described. >>Because your users are storing information on the underlying
>> OS, if the >>underlying OS doesn't know the user, it will not store the
>> information >>or allow connection to it. C> Again, when I add user to
>> Samba4, he/she is stored in Samba4 only. Do you C> agree with the statement
>> ? >>I fully understand the question, you seem to be unable to understand
>> the C> answers, or are unwilling to do so. C> I understand your phrases.
>> But you didn' t provide any proofs/links. C> You can even be partly or
>> fully right, but without any proofs I can C> estimate your answers as your
>> oppinion. But I need explonation or at least C> proofing and solution. C>
>> Regarding Wiki, exact link you sent, it doesn' t explain, it describe "Make
>> C> domain users/groups available locally through Winbind" only. C> And it
>> can be understood in a double way, as yours one and as my assumption. >>
>> You do not need to create the users as Unix users as well, you just need C>
>> to make the underlying OS be able to get the users >> from AD, on the
>> samba4 AD you need to set up the winbind links and edit C> /etc/nsswitch It
>> is: net user->>Samba4->Pam (OS authorize/security subsystem) -> Samba4 C>
>> (via nssswitch) . There is partial cycling. >> If you are accessing the
>> shares over the net, you are accessing them C> locally on the OS. C> Ok.
>> But Samba4 works from Roo as I remember. There are no problems. C> And
>> thirdly, one question you didn' t post anything. C> I got working
>> configuration whe I use Samba4 in AD DC mode without any C> else. Why. What
>> is difference ? *
>>

More information about the samba mailing list