[Samba] same username in /etc/passwd and in AD

Rowland penny rpenny at samba.org
Tue Jun 4 14:24:49 UTC 2019 

On 04/06/2019 12:24, Andreas Habel via samba wrote:
> Hi,
>
> we are currently in the process of testing a Samba AD setup and have identified some "challenges" regarding user accounts in /etc/passwd and in AD.
>
> Let me explain today's situation. Today we use a Linux file server that serves for both Linux and Windows clients and that acts as a NT4 PDC. The client computers are dual boot Linux/Win 7. Under Linux, /etc/passwd, /etc/group and /etc/shadow are rsynced from a central server to all other Linux servers and clients in our network.

If you use AD, you will not have to do this, you just make the AD users 
into Unix users as well.

> The home folders for Linux users are mapped nfs shares that physically reside on the Linux file server (that also is our PDC). Windows users map their smb shares from the same server. Under Linux we have an application that relies on that users of this application exist in /etc/passwd. We use the same username/password for both the Windows domain and under Linux.

See above

What does the application do ?

>
> Now, with the move to Samba AD, I read several places in the wiki and on this list that we can't have the same username in local /etc/passwd and in AD, but I haven't seen an explanation why this might not be a good idea. In our world, we have the same /etc/passwd on all Linux clients and servers, and we have control over user and group IDs so that they would be identical in /etc/passwd and in AD for a given user.
You cannot have the same username in AD and /etc/passwd for several 
reasons, a couple of which are, the first to be found will be used and 
there is absolutely no reason to do this.
>
> I would therefore like to have
> -       an AD DC,
> -       a Linux file server as domain member, but with /etc/passwd that has the same usernames as in AD,
   The above is not going to work
> -       Windows clients (domain members),
> -       Linux clients (not domain members, but with identical /etc/passwd like on file server and in AD).
That isn't a good idea, because they will not be Unix domain members, so 
you will have to maintain two databases (AD and /etc/passwd) with the 
same usernames & passwords, how do you plan to do this ? If you make 
them all domain members, then you only have one database, AD
>
> So let me know what I'm missing or what I have not understood.
>
I don't think you really understand the concept behind AD ;-)

Rowland

More information about the samba mailing list