[Samba] Samba as a domain member:
chriscox at endlessnow.com
Mon Jun 15 17:02:19 UTC 2020
On 6/15/20 11:29 AM, Rowland penny via samba wrote:
> You also have 'unix password sync = Yes', you should remove this, you cannot
> have users in /etc/passwd and AD.
Actually, as far as a base statement, you can have both, that is, the idea of a
username in Windows AD and the same username in /etc/passwd. The namespaces are
not cojoined. However, that doesn't mean "unix password sync" is ok. I don't
know enough about the assumptions being made inside of samba with regards to that.
Note, having the same username in the two namespaces can cause some ambiguity.
As simply reporting a username doesn't identify the namespace from which it came
from. You'd have to look (for example) at the underlying uid. Especially true
where default domain is used.
While this might appear to be "incorrect", it could also be looked at as a
feature. And something that has been *ix for a long time really.
In other words, things can be based on context.
It might be a mistake to limit/control either namespace by trying to force there
to just be one.
More information about the samba