[Samba] Samba as a domain member:
Christopher Cox
chriscox at endlessnow.com
Mon Jun 15 19:02:09 UTC 2020
On 6/15/20 12:35 PM, Rowland penny via samba wrote:
> On 15/06/2020 18:02, Christopher Cox via samba wrote:
>> Actually, as far as a base statement, you can have both,
>
> You cannot have the same user in /etc/passwd and AD, though if you persevere
> enough you probably could create them in both databases.
>
> Lets take a user called 'fred':
>
> rowland at devstation:~/tests$ cat /etc/passwd | grep 'fred'
>
> Which on 'devstation' produces no output, so the user isn't in /etc/passwd, but:
>
> rowland at devstation:~/tests$ getent passwd fred
>
> Produces this:
>
> fred:*:10005:10000::/home/fred:/bin/bash
>
> So, even though 'fred' isn't in /etc/passwd, the Linux OS knows who 'fred' is,
> so lets try and create 'fred' as a Linux user:
>
> rowland at devstation:~/tests$ sudo adduser fred
> [sudo] password for rowland:
> adduser: The user `fred' already exists.
>
> So, the OS will not let me create 'fred' in /etc/passwd
The command prohibited it. So, look at this differently. Assume you have a host
where local users already exist and then you join that host as a domain member.
Surprise! You can now have the same user in /etc/passwd as well as via winbind.
>
> I could probably create 'fred' in /etc/passwd by removing 'winbind' from the
> 'passwd' line in /etc/nsswitch.conf, but this would mean that the Linux user
> 'fred' would be used instead of the AD user 'fred', even when I put winbind back
> in /etc/nsswitch.conf.
>
> Please don't try to 'bend' AD, that way will only lead to trouble and there is
> absolutely no reason to do it.
I kinda like you, but you DO NOT take criticism well at all. Just because "you
think" you understand how things work doesn't mean that you actually do. Better
response: Hmmm, you're right, but I don't advise doing it.
I'll save you the time: PLEASE DO NOT MAKE ANY MORE REPLIES ON THIS.
More information about the samba
mailing list