[Samba] Samba as a domain member:

Andrew Bartlett abartlet at samba.org
Mon Jun 15 19:57:07 UTC 2020

On Mon, 2020-06-15 at 12:02 -0500, Christopher Cox via samba wrote:
> On 6/15/20 11:29 AM, Rowland penny via samba wrote:
> ... snippity
> > You also have 'unix password sync = Yes', you should remove this,
> > you cannot 
> > have users in /etc/passwd and AD.
> Actually, as far as a base statement, you can have both, that is, the
> idea of a 
> username in Windows AD and the same username in /etc/passwd.  The
> namespaces are 
> not cojoined.  However, that doesn't mean "unix password sync" is
> ok.  I don't 
> know enough about the assumptions being made inside of samba with
> regards to that.

It is all a bit moot anyway, unless there is a local passdb entry for
the local user, the SAMR server won't operate for that user and so
there will be no way to change the password.

AD passwords are changed on a domain controller, not on or via the
domain member.

Andrew Bartlett

Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

More information about the samba mailing list