[Samba] Password changes and syncing passwords with Linux accounts
Rowland penny
rpenny at samba.org
Tue Feb 16 09:32:45 UTC 2016
On 16/02/16 09:21, Chris Hastie wrote:
> On 16/02/16 08:38, Rowland penny wrote:
>> You are not going to like this, but I am going to say it anyway:
>>
>> *Remove* any users that are in AD from /etc/passwd (the same goes for
>> groups)
>>
>> All your users & groups should now only exist in AD, you do not need
>> or can have, users & groups in AD *and* /etc/passwd & /etc/group.
>>
>> Your users will only have one password and this will be stored in AD
>> in a hidden attribute.
>
> You're right. I don't like it. I don't like it because it leaves
> things even more broken than before. Specifically, I can no longer log
> into the linux at all. And some, but not all Samba based functionality
> is lost, though I didn't leave it like that long enough to work out
> exactly what. wbinfo -a someuser%somepassword succeeded, I could
> browse from a Linux machine with cifs, but some ownCloud external
> storage using smb failed.
>
> Presumably if I remove users from /etc/passwd then there is something
> else I need to do to get linux logins to work again?
>
> Cheers
>
> Chris
>
Hi, if you run Samba as an AD DC, this is where your users will exist,
for instance, this is my linux laptop that is joined to an AD domain:
rowland at debnet:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
As you can see, I am know to linux, *but*
rowland at debnet:~$ cat /etc/passwd | grep rowland
rowland at debnet:~$
Returns nothing, I do not exist in /etc/passwd
I would suggest that you start here:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
Some of the info is also applicable if you use a DC as a fileserver and
you will have to click on links to get the full info.
Any further questions, please free to ask.
Rowland
More information about the samba
mailing list