[Samba] Password changes and syncing passwords with Linux accounts

Rowland penny rpenny at samba.org
Tue Feb 16 09:32:45 UTC 2016

On 16/02/16 09:21, Chris Hastie wrote:
> On 16/02/16 08:38, Rowland penny wrote:
>> You are not going to like this, but I am going to say it anyway:
>> *Remove* any users that are in AD from /etc/passwd (the same goes for
>> groups)
>> All your users & groups should now only exist in AD, you do not need
>> or can have, users & groups in AD *and* /etc/passwd & /etc/group.
>> Your users will only have one password and this will be stored in AD
>> in a hidden attribute.
> You're right. I don't like it. I don't like it because it leaves 
> things even more broken than before. Specifically, I can no longer log 
> into the linux at all. And some, but not all Samba based functionality 
> is lost, though I didn't leave it like that long enough to work out 
> exactly what. wbinfo -a someuser%somepassword succeeded, I could 
> browse from a Linux machine with cifs, but some ownCloud external 
> storage using smb failed.
> Presumably if I remove users from /etc/passwd then there is something 
> else I need to do to get linux logins to work again?
> Cheers
> Chris

Hi, if you run Samba as an AD DC, this is where your users will exist, 
for instance, this is my linux laptop that is joined to an AD domain:

rowland at debnet:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

As you can see, I am know to linux, *but*

rowland at debnet:~$ cat /etc/passwd | grep rowland
rowland at debnet:~$

Returns nothing, I do not exist in /etc/passwd

I would suggest that you start here:


Some of the info is also applicable if you use a DC as a fileserver and 
you will have to click on links to get the full info.

Any further questions, please free to ask.


More information about the samba mailing list