[Samba] How to use ldapsam only for authentication?
rpenny at samba.org
Thu Jan 28 18:33:27 UTC 2016
On 28/01/16 17:42, mathias dufresne wrote:
> Hi Meike,
> As far as I understood you are using ldapsam only when Samba is running as
> AD domain controller.
No, you don't use ldapsam on a DC, you use ldapsam when your users etc
are stored in LDAP.
> And when Samba is running as AD DC, all user stuffs go to AD and so ldapsam.
Everything is stored in AD, this is a version of ldap, but you don't use
ldapsam with it.
> In the configuration you described I expect your users are existing twice:
> once in /etc/passwd as Linux users and once in Samba TDB as Samba users.
This would seem to be correct, I would suggest adding 'unix password
sync = yes' to smb.conf, I also think the OP also needs to add 'ldap' to
the passwd & group lines in /etc/nsswitch.
> As there is work to do to the change you speak about, why not take
> advantage of this change to also remove users from flat files? I mean, you
> can declare your AD users with the very same UID/GID and groups as those in
> flat files...
No, on a standalone server (this is what the OP has) you need the users
in /etc/passwd and Samba.
More information about the samba