[Samba] Workstations are member servers (or domain members) Re: Samba AD PDC , LDAP and Single-Sign-On

Mark Foley mfoley at ohprs.org
Sun Oct 11 05:55:00 UTC 2015


On Sat, 10 Oct 2015 16:01 Andrew Bartlett wrote:

> PAM is what will allow your console login to take the AD password.
> Otherwise, you get AD users and groups (via nss_winbind), but you can't
> log in with them by typing a password. 

Well then, I suppose I'll have to deal with that eventually. The
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server page warns me to
know what I'm doing before messing with PAM. I guess I'll have to ignore that
advice for now!

--Mark

-----Original Message-----
> Subject: Re: [Samba] Workstations are member servers (or domain members) Re:
>  Samba AD PDC , LDAP and Single-Sign-On
> From: Andrew Bartlett <abartlet at samba.org>
> To: Mark Foley <mfoley at ohprs.org>, samba at lists.samba.org
> Date: Sat, 10 Oct 2015 16:01:03 +1300
>
> On Fri, 2015-10-09 at 20:37 -0400, Mark Foley wrote:
> > On Sat, 10 Oct 2015 08:23 Andrew Bartlett wrote:
>
> > 
> > Yes, that does clarify and give me comfort with respect to naming.  I
> > understand that the office-central Samba4 AD/DC is quite logically a
> > "server", and I now understand that my personal linux desktop in my
> > private office is also referred to as a "member server" (or will be
> > when I get it set up properly), even though my brain thinks of it as a
> > "client" of the AD "server".  OK, not the first time these terms have
> > gotten scrambled in my mind.
>
> The confusion comes because the other potential device is a 'member
> server' acting as a file server, and that is both far more common, and
> really a server.  The article is aimed at helping set this up, and
> happens to cover your case almost by coincidence.
>
> > I'm not deep enough into it yet to grasp what you mean by
> > "pam_winbindd is mandatory". So far, Rowland, Sketch and their
> > referenced link
> > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> > are omitting references to PAM, but I'll cross that bridge if/when I
> > get there.
>
> PAM is what will allow your console login to take the AD password.
> Otherwise, you get AD users and groups (via nss_winbind), but you can't
> log in with them by typing a password. 
>
> Thanks,
>
> Andrew Bartlett
>
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
>
>


