[Samba] AD Member: server role = member server vs. security = ADS
ayers at fsfe.org
Thu Mar 7 16:08:46 UTC 2019
I'm trying to add Debian stretch as a domain member to an AD domain, to
have Windows Users access shares according to permissions of AD group
For the record this is smbd --version:
I was a bit confused about a few points when comparing it to the
default smb.conf in Debian and reading the man page
1. The default smb.conf seems to imply to set the "server role" to
"member server", but the wiki doesn't mention it.
Should "server role" be set to "member server"?
2. The default smb.conf does not include "security" but the wiki says
it should be set to ADS.
Does "server role" being set to "member server" imply "security" set to
"ADS"? (This seems to be implied by the man page)
Or should "security" be explicitly set to "ADS" despite the server role
3. The default Debian configuration sets all the variables for
local password storage but also for password sync:
obey pam restrictions
pam password change
but none of these are mentioned in the Wiki. I guess the become
obsolete as domain member and there is no need to sync passwords since
any samba users will be managed by NSS and winbindd
David Ayers - Team Austria
Free Software Foundation Europe (FSFE)  (http://www.fsfe.org)
Become a supporter of the FSFE!  (https://fsfe.org/join)
Your donation powers our work! || (http://fsfe.org/donate)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part
More information about the samba