[Samba] samba 4 in AD 2008R2 without winbind

Rowland Penny rpenny at samba.org
Wed May 24 10:45:56 UTC 2017


On Wed, 24 May 2017 12:08:09 +0200 (CEST)
Daniele Bernazzi <daniele at ao-siena.toscana.it> wrote:

> Hi Rowland, I did a reply to the list (just to the list, not to all)
> some hours ago, but I can't see it on the thread, so I am resend it
> just to you:
> 
> Thank you Rowland for your prompt reply. For what I read is possible
> to use samba without winbind:
> See: 
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
> 
> There is this note in that doc:
> If winbindd is not running, smbd (which calls winbindd) will fall
> back to using purely local information from /etc/passwd
> and /etc/group and no dynamic mapping will be used. On an operating
> system that has been enabled with the NSS, the resolution of user and
> group information will be accomplished via NSS.
> 
> I whish to restrict access just to users presents in /etc/passwd.
> With winbind I have to adopt some workarounds to meet the unix uid
> with windows sid and I am trying to avoid it
> 
> Daniele

It sounds like you are trying to set up a standalone server, so see
here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

On this type of Samba server you need the users in /etc/passwd, but
they still need to be Samba users. So you will need to create any users
that you want to connect and ensure they have the same password as the
windows user

e.g. windows user 'fred' with the password 'password' will need to be
created as the Unix user 'fred' with the password 'password' on the
standalone server, you will then need to make the Unix user 'fred' a
Samba user with the password 'password'

If the windows user changes their password, then the Unix & Samba
passwords will need to be changed.

Where as, a Unix Domain member , only has the username and password
stored in one place, AD.

Rowland





More information about the samba mailing list