[Samba] samba 4 in AD 2008R2 without winbind

Daniele Bernazzi daniele at ao-siena.toscana.it
Wed May 24 10:54:48 UTC 2017

> From: "Rowland Penny" <rpenny at samba.org>
> To: samba at lists.samba.org
> Cc: "Daniele Bernazzi" <daniele at ao-siena.toscana.it>
> Sent: Wednesday, 24 May 2017 12:45:56
> Subject: Re: [Samba] samba 4 in AD 2008R2 without winbind
> On Wed, 24 May 2017 12:08:09 +0200 (CEST)
> Daniele Bernazzi <daniele at ao-siena.toscana.it> wrote:
> > Hi Rowland, I did a reply to the list (just to the list, not to all)
> > some hours ago, but I can't see it on the thread, so I am resending it
> > just to you:
> > 
> > Thank you Rowland for your prompt reply. From what I read it is possible
> > to use samba without winbind:
> > See:
> > https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
> > 
> > There is this note in that doc:
> > If winbindd is not running, smbd (which calls winbindd) will fall
> > back to using purely local information from /etc/passwd
> > and /etc/group and no dynamic mapping will be used. On an operating
> > system that has been enabled with the NSS, the resolution of user and
> > group information will be accomplished via NSS.
> > 
> > I wish to restrict access just to users present in /etc/passwd.
> > With winbind I have to adopt some workarounds to meet the unix uid
> > with windows sid and I am trying to avoid it
> > 
> > Daniele
> It sounds like you are trying to set up a standalone server, so see
> here:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> On this type of Samba server you need the users in /etc/passwd, but
> they still need to be Samba users. So you will need to create any users
> that you want to connect and ensure they have the same password as the
> windows user
> e.g. windows user 'fred' with the password 'password' will need to be
> created as the Unix user 'fred' with the password 'password' on the
> standalone server, you will then need to make the Unix user 'fred' a
> Samba user with the password 'password'
> If the windows user changes their password, then the Unix & Samba
> passwords will need to be changed.
> Whereas a Unix Domain member only has the username and password
> stored in one place, AD.
> Rowland

So far for standalone server, Rowland, but is it not possible to authenticate (just authenticate) on Active Directory? This configuration is now working on another server with samba 3 ... access is allowed to users declared in /etc/passwd (these users do not have a unix password) and the client transparently uses the password they supplied at login time.
I am not able to replicate this configuration in samba 4

thank you
