[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !

L.P.H. van Belle belle at bazuin.nl
Tue Jun 17 03:26:46 MDT 2014 

question : "is there any way to access to Samba4 shares without engaging of OS pam (using Samba4 only) and without Samba4 AD DC mode (in which all worked for me without pam using) ..."
answhere : yes. 

Wel without going in detail and providing proof for the solution then. 

[Global. ]

security = 
guest ok =
map to guest = 

[share]
guest ok = 
guest only = 

no user needed on domain/server or pc. 

Good luck. 


Greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: cpservicespb at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens CpServiceSPb .
>Verzonden: maandag 16 juni 2014 20:57
>Aan: Greg Sloop
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Disable Pam checking for Samba4 
>Standalone role server with samdb_dbds as passdb backend !
>
>A little bit off-topic.
>I don' t have wishing to irritate anyone.
>And thanks for all who wants and have/had plans to help me.
>But I don' t like when question/phrase/answer is called stupid 
>without any
>reason and rights for it.
>Moreover without providing any proofing.
>I think here is showing of bad manner and it doesn' t matter 
>whether you
>are guru or not, you know a lot or not yet and so on. More over when
>somebody's assumptions differs from other one.
>I think there is place for showing of respection for each 
>other. And best
>people, in my oppinion doesn' t have to behaviour way mentioned above.
>
>I have still some spaces in my understanding of 
>interoperatability between
>Samba4 and Pam.
>I will read as Wiki as other sources. But regarding *specific* 
>question:
>the question is still (for me) is there any way to access to 
>Samba4 shares
>without engaging of OS pam (using Samba4 only) and without Samba4 AD DC
>mode (in which all worked for me without pam using) .
>If somebody has solution differs from Winbindd and nssswitch, please,
>provide (or links to it) of course, if somebody has and wants to do so.
>Anyway, I will discover this situation in my own and after will choose
>available and suitable for me solution.
>
>
>
>2014-06-16 21:46 GMT+04:00 Gregory Sloop <gregs at sloop.net>:
>
>>  Top posting.
>>
>> You can argue all you want with Roland - but frankly he's 
>some of the very
>> best help available. [And it's clear you're already 
>irritating him quite a
>> bit, and probably, by association, many others who might contemplate
>> helping you.]
>>
>> I've not used Winbind or sssd to handle a situation like you 
>want to do,
>> but lots of people HAVE done so successfully. So, claiming 
>Rowland is just
>> puffing up his "opinion" isn't likely to improve your case.
>>
>> Go back and review some of the list threads - there are many 
>on Winbind
>> and sssd. Read the wiki. Then, if you have some *specific* technical
>> question you can't solve, then ask it. But pissing on the 
>best people here
>> isn't going to endear you to anyone who is likely to be able to help.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *C> I will look at wiki look further and further. C> But if ou have
>> useful, really useful link, please send or post. C> I talk 
>about info where
>> interoperation between Samba4 and OS local security C> subsystem is
>> described. >>Because your users are storing information on 
>the underlying
>> OS, if the >>underlying OS doesn't know the user, it will 
>not store the
>> information >>or allow connection to it. C> Again, when I add user to
>> Samba4, he/she is stored in Samba4 only. Do you C> agree 
>with the statement
>> ? >>I fully understand the question, you seem to be unable 
>to understand
>> the C> answers, or are unwilling to do so. C> I understand 
>your phrases.
>> But you didn' t provide any proofs/links. C> You can even be 
>partly or
>> fully right, but without any proofs I can C> estimate your 
>answers as your
>> oppinion. But I need explonation or at least C> proofing and 
>solution. C>
>> Regarding Wiki, exact link you sent, it doesn' t explain, it 
>describe "Make
>> C> domain users/groups available locally through Winbind" 
>only. C> And it
>> can be understood in a double way, as yours one and as my 
>assumption. >>
>> You do not need to create the users as Unix users as well, 
>you just need C>
>> to make the underlying OS be able to get the users >> from AD, on the
>> samba4 AD you need to set up the winbind links and edit C> 
>/etc/nsswitch It
>> is: net user->>Samba4->Pam (OS authorize/security subsystem) 
>-> Samba4 C>
>> (via nssswitch) . There is partial cycling. >> If you are 
>accessing the
>> shares over the net, you are accessing them C> locally on 
>the OS. C> Ok.
>> But Samba4 works from Roo as I remember. There are no 
>problems. C> And
>> thirdly, one question you didn' t post anything. C> I got working
>> configuration whe I use Samba4 in AD DC mode without any C> 
>else. Why. What
>> is difference ? *
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list