[Samba] Users and groups on member server without ssh

Daniel Carrasco d.carrasco at i2tic.com
Wed Sep 27 13:46:42 UTC 2017


I have a member server that is working fine as a shared folder server (all
shares and their permissions work). My problem is that when I add the
nsswitch winbind entries, the server uses the DC to authenticate even
when I use ssh, so if the Samba DC server fails I have problems logging in
to the member server.

My nsswitch:
passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

And my smb.conf:
workgroup = DOMAIN
security = ADS
realm = DOMAIN.COM
server role = member server
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = rid
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999

winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users  = yes
winbind enum groups = yes

Is there any way to avoid that authentication method and use only the local
one? (I use tools like setfacl to change permissions so I need access to
domain users/groups).

Thanks and greetings!!


      Daniel Carrasco Marín
      Ingeniería para la Innovación i2TIC, S.L.
      Tel:  +34 911 12 32 84 Ext: 223
