[Samba] Samba4 AD

mathias dufresne infractory at gmail.com
Mon Feb 8 11:00:43 UTC 2016 

Hi,

authconfig is supposed to do the job of configuring PAM for you on Centos
and Redhat like.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/winbind-auth.html

Simple way to check if PAM is configured to use winbind:
grep winbind /etc/pam.d/*

If this command returns nothing or only links, that not configured.
If this command returns uncommented lines, that does NOT mean PAM is well
configured.

Cheers,

mathias

2016-02-07 19:09 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 07/02/16 16:18, Alessandro Baggi wrote:
>
>> Il 07/02/2016 17:07, Rowland penny ha scritto:
>>
>>> On 07/02/16 15:39, Alessandro Baggi wrote:
>>>
>>>>
>>>>>>
>>>>> Follow the information you will find here:
>>>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>> Thank you Rowland for your answer.
>>>> I've ridden this doc, correct me if I'm wrong, but It explain how to
>>>> join a domain for workstation/fileserver/other. After configuring and
>>>> joining the domain, winbind in nsswitch.conf permit to see other user
>>>> on the new member machine. So if you need to set permission you can.
>>>>
>>>>
>>>>
>>>> I don't want join a DC from a file-server on separated machine, I want
>>>> serve share-resource located on the same machine where AD DC is
>>>> configured.
>>>> Samba4 can serve as AD DC and file server in the same time?
>>>>
>>>> It is possible?
>>>>
>>>>
>>>>
>>>>
>>>>
>>> The page is written for a domain member, but you can use some of the
>>> info on a DC, What you will need to check is if the libnss links are
>>> setup and if 'winbind' is in /etc/nsswitch.conf.
>>>
>>> You may need another file, but we will cross that bridge if and when we
>>> come to it.
>>>
>>> It is not recommended to use the DC as a fileserver, but you will not be
>>> the only one who does :-)
>>>
>>> What OS are you using.
>>>
>>> Rowland
>>>
>>>
>>>
>> I'm using Centos7 but with sernet packages.
>>
>> How to check if libnss links are setup? I've already configure
>> nsswitch.conf with winbind but user does not appears using getent.
>>
>>
> The information is on the wiki page I pointed to earlier, but you may have
> missed the link to this page:
>
> https://wiki.samba.org/index.php/Libnss_winbind_links
>
> I use debian (well, Devuan really) and you can set up PAM by just adding a
> file, but my understanding is that Centos doesn't work in the same way, you
> have to manually set up PAM yourself or by using something called
> authconfig ?? I suggest you search google (other search providers are
> available) for how to use it.
>
> What you are trying to do is possible, you just need to get the setup
> correct.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list