[Samba] Users and groups on member server without ssh
Daniel Carrasco
d.carrasco at i2tic.com
Wed Sep 27 13:46:42 UTC 2017
Hello,
I've a member server that is working fine as shared folder server (all
shares works and it permissions). My problem is that when I add the
nsswitch winbind entries then the server uses the DC to authenticate even
when I use ssh, so if Samba DC server fails I have problems to login into
the member server.
My nsswitch:
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
And my smb.conf:
[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.COM
server role = member server
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = rid
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999
winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
Is there any way to avoid that authentication method and use only the local
one? (I use tools like setfacl to change permissions so I need access to
domain users/groups).
Thanks and greetings!!
--
_________________________________________
Daniel Carrasco Marín
Ingeniería para la Innovación i2TIC, S.L.
Tlf: +34 911 12 32 84 Ext: 223
www.i2tic.com
_________________________________________
More information about the samba
mailing list