[Samba] Permission Denied

Rowland penny rpenny at samba.org
Tue Dec 8 16:54:13 UTC 2015

On 08/12/15 16:33, mathias dufresne wrote:
> 2015-12-08 17:15 GMT+01:00 Rowland penny <rpenny at samba.org>:
>> On 08/12/15 16:02, mathias dufresne wrote:
>>> On any Linux system where you want to be able to use AD users as system
>>> users you need to configure PAM. This because it is PAM which discuss with
>>> the tool you have chosen to retrieve users information from AD and then
>>> build system users with these information.
>> It may be better if you stop calling local Unix users 'system users',
>> system users are something else, i.e. 'root' is a system user, as is
>> 'www-data'
> System users are users available from system side.
> Local users are users declared in /etc/passwd.
> What is the point of your remark?

The point is that 'Unix system users" != 'Unix local users'

On a Unix system, low ID numbers are used for system users i.e. root, 
www-data, ntp etc, these numbers are all under 1000 (used to be 500 on 
redhat systems), but they all appear in /etc/passwd.
A Unix local user is a user that has an ID number of 1000 and upwards 
that appears in /etc/passwd. You can have a user called fred on two 
different Unix machines, but they would not be the same user. This is 
where AD comes in, by creating the user 'fred' in AD and giving the user 
a uidNumber, this user could log into any domain joined computer and 
would be the same user.



More information about the samba mailing list