[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

Gregory Sloop gregs at sloop.net
Mon Jun 16 13:36:49 MDT 2014 

"is there any way to access to Samba4 shares without engaging of OS pam (using Samba4 only) and without Samba4 AD DC mode (in which all worked for me without pam using) ..."

Define "access"
What client, what OS etc.

Samba 4 is everything in Samba 3 *PLUS* AD.

I believe there are some syntax changes to the smb.conf in S4, but I'm not aware of ANYTHING you could do in S3 that you can't do in S4.

If you can't do it, then either there's a comprehension problem, [It does appear english is not your native language, and perhaps there's some difficulty understanding what is said - which isn't a problem of itself, but communication can be.] or you're not reading and carefully working your way through the steps.




A little bit off-topic.
I don' t have wishing to irritate anyone.
And thanks for all who wants and have/had plans to help me.
But I don' t like when question/phrase/answer is called stupid without any reason and rights for it.
Moreover without providing any proofing.
I think here is showing of bad manner and it doesn' t matter whether you are guru or not, you know a lot or not yet and so on. More over when somebody's assumptions differs from other one.
I think there is place for showing of respection for each other. And best people, in my oppinion doesn' t have to behaviour way mentioned above.

I have still some spaces in my understanding of interoperatability between Samba4 and Pam.
I will read as Wiki as other sources. But regarding *specific* question: the question is still (for me) is there any way to access to Samba4 shares without engaging of OS pam (using Samba4 only) and without Samba4 AD DC mode (in which all worked for me without pam using) .
If somebody has solution differs from Winbindd and nssswitch, please, provide (or links to it) of course, if somebody has and wants to do so.
Anyway, I will discover this situation in my own and after will choose available and suitable for me solution.



2014-06-16 21:46 GMT+04:00 Gregory Sloop <gregs at sloop.net>:
Top posting.

You can argue all you want with Roland - but frankly he's some of the very best help available. [And it's clear you're already irritating him quite a bit, and probably, by association, many others who might contemplate helping you.]

I've not used Winbind or sssd to handle a situation like you want to do, but lots of people HAVE done so successfully. So, claiming Rowland is just puffing up his "opinion" isn't likely to improve your case.

Go back and review some of the list threads - there are many on Winbind and sssd. Read the wiki. Then, if you have some *specific* technical question you can't solve, then ask it. But pissing on the best people here isn't going to endear you to anyone who is likely to be able to help.


C> I will look at wiki look further and further.
C> But if ou have useful, really useful link, please send or post.
C> I talk about info where interoperation between Samba4 and OS local security
C> subsystem is described.


>>Because your users are storing information on the underlying OS, if the
>>underlying OS doesn't know the user, it will not store the information
>>or allow connection to it.

C> Again, when I add user to Samba4, he/she is stored in Samba4 only. Do you
C> agree with the statement ?


>>I fully understand the question, you seem to be unable to understand the
C> answers, or are unwilling to do so.

C> I understand your phrases. But you didn' t provide any proofs/links.
C> You can even be partly or fully right, but without any proofs I can
C> estimate your answers as your oppinion. But I need explonation or at least
C> proofing and solution.
C> Regarding Wiki, exact link you sent, it doesn' t explain, it describe "Make
C> domain users/groups available locally through Winbind" only.
C> And it can be understood in a double way, as yours one and as my assumption.


>> You do not need to create the users as Unix users as well, you just need
C> to make the underlying OS be able to get the users

>> from AD, on the samba4 AD you need to set up the winbind links and edit
C> /etc/nsswitch


It is: net user->>Samba4->Pam (OS authorize/security subsystem) -> Samba4
C> (via nssswitch) . There is partial cycling.


>> If you are accessing the shares over the net, you are accessing them
C> locally on the OS.
C> Ok. But Samba4 works from Roo as I remember. There are no problems.

C> And thirdly, one question you didn' t post anything.
C> I got working configuration whe I use Samba4 in AD DC mode without any
C> else. Why. What is difference ?

More information about the samba mailing list