[Samba] integrating samba with pam

Rowland Penny rpenny at samba.org
Sat Jul 1 15:30:25 UTC 2017

On Sat, 01 Jul 2017 11:48:21 -0300
Guido Lorenzutti via samba <samba at lists.samba.org> wrote:

> Hi there!
> I've been using samba3 with ldap for years, and now I'm
> about to move to samba4 to leave the slapd.

I take it you mean that you use Samba as an AD DC.

> I didn't try yet to migrate
> the directory from samba3 to samba4. But I did set up a new domain and
> everything looks ok.
> My doubt is related to the configuration of the
> computers with linux so that they can take advantage of the users and
> passwords of ldap. But also, groups that are unix exclusive. 

It doesn't work that way, you create groups in AD and then make them
Unix groups as well.

> I didn't
> find a way to create groups that in samba3 were only unix:
> smbgroupadd group
> (without the -a)
> Is this possible?

No, not unless you create a new NT4-style domain and I strongly urge
you not to go down this path, they are things of the past and Microsoft
seems to be trying to make it harder and harder to use them.

> Also, I
> don't want to install winbind in every workstation to authenticate
> against samba4. How can I configure pam_ldap and nslcd to validate my
> users and groups? I did install kerberos and everything seems ok.

Why do you want to do this?
The way the Samba code is now written, it needs winbind installed, so
you might as well use it.

See here for more info on setting up a Unix domain member:


