[Samba] Samba as a domain member:

Christopher Cox chriscox at endlessnow.com
Mon Jun 15 19:02:09 UTC 2020

On 6/15/20 12:35 PM, Rowland penny via samba wrote:
> On 15/06/2020 18:02, Christopher Cox via samba wrote:
>> Actually, as far as a base statement, you can have both,
> You cannot have the same user in /etc/passwd and AD, though if you persevere 
> enough you probably could create them in both databases.
> Let's take a user called 'fred':
> rowland@devstation:~/tests$ cat /etc/passwd | grep 'fred'
> Which on 'devstation' produces no output, so the user isn't in /etc/passwd, but:
> rowland@devstation:~/tests$ getent passwd fred
> Produces this:
> fred:*:10005:10000::/home/fred:/bin/bash
> So, even though 'fred' isn't in /etc/passwd, the Linux OS knows who 'fred' is, 
> so let's try and create 'fred' as a Linux user:
> rowland@devstation:~/tests$ sudo adduser fred
> [sudo] password for rowland:
> adduser: The user `fred' already exists.
> So, the OS will not let me create 'fred' in /etc/passwd

The command prohibited it.  So, look at this differently. Assume you have a host 
where local users already exist and then you join that host as a domain member.

Surprise!  You can now have the same user in /etc/passwd as well as via winbind.

> I could probably create 'fred' in /etc/passwd by removing 'winbind' from the 
> 'passwd' line in /etc/nsswitch.conf, but this would mean that the Linux user 
> 'fred' would be used instead of the AD user 'fred', even when I put winbind back 
> in /etc/nsswitch.conf.
> Please don't try to 'bend' AD, that way will only lead to trouble and there is 
> absolutely no reason to do it.

I kinda like you, but you DO NOT take criticism well at all.  Just because "you 
think" you understand how things work doesn't mean that you actually do.  Better 
response:  Hmmm, you're right, but I don't advise doing it.
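
An added example, not part of either poster's message: a shell audit for the case discussed in this thread, where a name exists both in a local passwd file and in the domain. It models glibc NSS's default behaviour (the first source on the `passwd:` line that has the entry answers); the function names, file names, the local `fred` entry and `alice` are constructed, and only the domain entry for `fred` is taken from the thread.

```shell
#!/bin/sh
# Added example: list accounts defined both in a local passwd file and in
# the domain, and which definition glibc NSS returns for the name.

# Print the first account source named on the "passwd:" line.
first_passwd_source() {
    awk '$1 == "passwd:" {
        for (i = 2; i <= NF; i++)
            if ($i == "files" || $i == "compat" || $i == "winbind") { print $i; exit }
    }' "$1"
}

# passwd_collisions LOCAL_PASSWD DOMAIN_PASSWD NSSWITCH_CONF
passwd_collisions() {
    case "$(first_passwd_source "$3")" in
        files|compat) winner=local ;;
        winbind)      winner=domain ;;
        *)            winner=unknown ;;
    esac
    awk -F: -v winner="$winner" '
        FILENAME == ARGV[1] { uid[$1] = $3; next }   # remember local entries
        ($1 in uid) {                                 # domain name is also local
            note = (uid[$1] == $3) ? "same-uid" : "uid-mismatch"
            printf "%s local=%s domain=%s wins=%s %s\n", $1, uid[$1], $3, winner, note
        }' "$1" "$2"
}

# Constructed sample data; only the domain entry for fred is from the thread.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'fred:x:1001:1001::/home/fred:/bin/bash' > "$1/passwd.local"
    printf '%s\n' 'fred:*:10005:10000::/home/fred:/bin/bash' \
        'alice:*:10006:10000::/home/alice:/bin/bash' > "$1/passwd.domain"
    printf '%s\n' "passwd: ${2:-files winbind}" > "$1/nsswitch.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
passwd_collisions "$demo_dir/passwd.local" "$demo_dir/passwd.domain" "$demo_dir/nsswitch.conf"
rm -rf "$demo_dir"
```

On a live domain member the local file would be /etc/passwd and the domain file could be built by running `getent -s winbind passwd NAME` for each local name, which queries winbind alone regardless of the order in /etc/nsswitch.conf.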
