[Samba] Password changes and syncing passwords with Linux accounts
Rowland penny
rpenny at samba.org
Tue Feb 16 20:51:33 UTC 2016
On 16/02/16 19:55, Chris Hastie wrote:
> On 16/02/16 18:13, Rowland penny wrote:
>>> >I don't have any such lines. Could it be this in the PAM config that
>>> >is causing the problem:
>>> >
>>> >auth optional pam_smbpass.so migrate
>>> >
>> Could well be, I do not seem to have this line in pam, which file is
>> it in ?
>> Also, what does 'pam-auth-update' show ?
> It's in /etc/pam.d/common-auth.
>
> pam-auth-update shows:
>
> [*] Unix authentication
> [*] Winbind NT/Active Directory authentication
> [*] Register user sessions in the systemd control group hierarchy
> [*] SMB password synchronization
> [*] Inheritable Capabilities Management
>
> Unchecking 'SMB password synchronization' removes the line from
> common-auth and seems to have solved the problem. So progress—I just
> need to sort out my groups now.
You might want to install the libpam-krb5 package, this will get you this:
[*] Kerberos authentication
>
> A related question. I see there is user 'root' known to winbind, and
> also in /etc/passwd. Does Samba have any need for this user (given the
> existance of 'Administrator')? I'm inclined to delete it from Samba
> and keep it in /etc/passwd. Would this be a sensible plan?
This is one user that you definitely want in /etc/passwd and not in AD.
On a Samba AD DC, the 'Administrator' user is mapped to the Unix user
'root', this allows you to set ACLs etc on the DC from windows.
Rowland
More information about the samba
mailing list