[Samba] Samba as a domain member:

Christopher Cox chriscox at endlessnow.com
Mon Jun 15 17:02:19 UTC 2020

On 6/15/20 11:29 AM, Rowland penny via samba wrote:
... snippity
> You also have 'unix password sync = Yes', you should remove this, you cannot 
> have users in /etc/passwd and AD.

Actually, as far as a base statement, you can have both, that is, the idea of a 
username in Windows AD and the same username in /etc/passwd.  The namespaces are 
not cojoined.  However, that doesn't mean "unix password sync" is ok.  I don't 
know enough about the assumptions being made inside of samba with regards to that.

Note, having the same username in the two namespaces can cause some ambiguity. 
As simply reporting a username doesn't identify the namespace from which it came 
from. You'd have to look (for example) at the underlying uid.  Especially true 
where default domain is used.

While this might appear to be "incorrect", it could also be looked at as a 
feature.  And something that has been *ix for a long time really.

In other words, things can be based on context.

It might be a mistake to limit/control either namespace by trying to force there 
to just be one.

More information about the samba mailing list