[Samba] Disable Pam checking for Samba4 Standalone role server with samdb_dbds as passdb backend !
CpServiceSPb .
cpservicespb at gmail.com
Tue Jun 17 04:33:39 MDT 2014
Thank you. Will look at.
2014-06-17 13:47 GMT+04:00 Stéphane PURNELLE <stephane.purnelle at corman.be>:
> Samba run on the OS like Apache, Gnome, ....
> The OS don't know what samba does.
> For the OS, samba are just daemon...
>
> If you look here :
> https://wiki.samba.org/index.php/Local_user_management_and_authentication
> You will see how to link user and group from samba to the OS
>
> And other information...
>
> DC part don't know the file-server part on samba 4
> that's mean that samba file-server part will not directly ask DC part,
> will use function like getpwnam for getting user autorisation (not
> authentication).
>
> Yes, samba run with root user but for ACL use the connected user.
>
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
>
> "CpServiceSPb ." <cpservicespb at gmail.com> wrote on 17/06/2014 11:07:38:
>
> > De : "CpServiceSPb ." <cpservicespb at gmail.com>
> > A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> > Cc : samba at lists.samba.org
> > Date : 17/06/2014 11:07
> > Objet : Re: Disable Pam checking for Samba4 Standalone role server
> > with samdb_dbds as passdb backend !
>
> >
> > I have inderstood such interoperatabillity.
> > Ok, and may be there are no any variants except one.
> > But then I don' t understand how is access to shares handled in
> > Samba4 AD DC mode.
> > As I remember, I didn' t add users to OS as didn' t set up nsswitch,
> > I added user only to Samba4 when I made AD DC configuration.
> > Regarding "how file-system can know what uid..." I assume that as
> > Samba4 acts in OS, it acts from some OS user name (as I remember
> > from roo) and following Samba4 can 'connect' to physical folders in
> > its own but Samba4 'decides' who is able to access., who is not
> > (from net users) .
> > It is my assumption, partly bsed on Samba4 AD DC functioning.
> >
>
> > 2014-06-17 11:21 GMT+04:00 Stéphane PURNELLE <
> stephane.purnelle at corman.be>:
> > OK.
> >
> > I will try to explain simply.
> >
> > Samba is a layer between linux and windows.
> >
> > In this config, your user is in samba (samdb_dbds)
> > But when you try to use a share, samba need to verify if user can
> > use the file on server.
> > that's mean that OS must know samba user.
> > Otherwise how file-system can know what uid...
> >
> > nslcd or sssd or winbind can be used for that.
> >
> >
> >
> > -----------------------------------
> > Stéphane PURNELLE Admin. Systèmes et Réseaux
> > Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
> >
> > "CpServiceSPb ." <cpservicespb at gmail.com> wrote on 16/06/2014 19:13:04:
> >
> > > De : "CpServiceSPb ." <cpservicespb at gmail.com>
> > > A : stephane.purnelle at corman.be,
> > > Date : 16/06/2014 19:13
> > > Objet : Disable Pam checking for Samba4 Standalone role server with
> > > samdb_dbds as passdb backend !
> > >
> > > My first message:
> > >
> > > Here is Samba4 4.1.8 as StandAlone server role is installed at ubuntu
> > > 14.04 LTS from sources.
> > > There is samdb_dbds as passdb backend.
> > > Provisioning and adding user to Samba4 is successful.
> > > But there is no such user exactly at Ubuntu OS users.
> > > And I don' t want that there would be such user at OS !!
> > > But shares can not be accessed from Win XP/7 clients - user
> > > credentials are asked again and again even after right user/pass is
> > > gone to Samba4 from
> > > clients.
> > > And error "user in passdb, but getpwnam() fails! " is appeared in
> smbd.log.
> > > I have found the following at here:
> > >
> http://serverfault.com/questions/152961/user-in-passdb-but-getpwnam-fails
> > >
> > > What could somebody recommend that make working such solution ?
> > > In case of DC Samba4 role everything work fine.
> > > I don' t want to have user what is in Samba4 in OS !!
> > > I want to have differentb users for different apps !!
>
More information about the samba
mailing list