[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))
Jim Seymour
jseymour at LinxNet.com
Sat Sep 12 23:45:48 UTC 2015
On Sat, 12 Sep 2015 21:51:54 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> On 12/09/15 21:30, Jim Seymour wrote:
> > On Sat, 12 Sep 2015 13:13:11 -0600
> > Nigel W <nigel.w at nosun.ca> wrote:
> >
> > [snip]
> >> You create the users on the directory with the same uid and
> >> uidNumber as the local users and then remove local users on the
> >> systems. Same applies to the groups.
> > [snip]
> >
> > Why would I want to remove the local users and groups? You mean
> > from /etc/passwd, /etc/group, /etc/shadow, NIS or whatever?
>
> You cannot have a local user and an AD user with the same name,
> this also goes for groups. Apart from possibly a few admin users,
> *all* your users & groups need to be in AD.

It just occurred to me: He was referring to "local user" in the
context of a (MS-Win) client machine, right? Not "local user" as in
user with *nix account on the server.

>
> >
> > Or... did the Samba4 provisioning throw entries into PAM? So now
> > Samba4's ldap data replaces it?
>
> Nothing in PAM, all in AD :-)

    $ cat /etc/pam.d/samba
    @include common-auth
    @include common-account
    @include common-session-noninteractive

https://www.samba.org/samba/docs/man/manpages-3/pam_winbind.8.html

Excerpt: "pam_winbind is a PAM module that can authenticate users
against the local domain by talking to the Winbind daemon."

Hmmm...

Anyway, I think we may be getting off the (immediate) path. (And
perhaps talking about different things.)

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
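
Added example (not part of the original message or of Samba): a pre-migration check for the situation discussed in this thread, listing local accounts whose names also exist in AD and whether the local UID agrees with the directory's uidNumber. The passwd lines, the AD entries and the status wording are all constructed for illustration.

```python
# Added example, not from the thread. All sample data is constructed.
# On a real host the inputs would be /etc/passwd and an export of each AD
# user's sAMAccountName and uidNumber attributes.

LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jim:x:1000:1000:Jim:/home/jim:/bin/bash
Nigel:x:1001:1001::/home/nigel:/bin/bash
rowland:x:1002:1002::/home/rowland:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""

# (sAMAccountName, uidNumber or None when the attribute is not set)
AD_USERS = [
    ("Administrator", None),
    ("jim", 1000),
    ("nigel", 10001),
    ("rowland", None),
]

def parse_passwd(text):
    """Map login name -> numeric UID for each passwd(5) line."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        users[fields[0]] = int(fields[2])
    return users

def check_collisions(local, ad_users):
    """Classify every local user whose name also exists in AD.

    AD compares sAMAccountName case-insensitively, so names are case-folded.
    """
    ad = {name.casefold(): uid_number for name, uid_number in ad_users}
    findings = {}
    for name, uid in sorted(local.items()):
        key = name.casefold()
        if key not in ad:
            continue  # local-only account, no collision
        if ad[key] is None:
            findings[name] = "in AD without uidNumber"
        elif ad[key] == uid:
            findings[name] = "ids match"
        else:
            findings[name] = f"uid mismatch: local {uid}, AD {ad[key]}"
    return findings

if __name__ == "__main__":
    for name, status in check_collisions(parse_passwd(LOCAL_PASSWD), AD_USERS).items():
        print(f"{name}: {status}")
```

A mismatch matters because file ownership is stored as the numeric UID, so files owned by the local account would belong to a different identity once the local entry is removed.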