[Samba] SAMBA using existing users and passwords on Linux

Rowland Penny rpenny at samba.org
Fri Jun 19 14:42:59 UTC 2020

On 19/06/2020 15:06, Fernando Gonçalves wrote:
> I will pass all the commands I used for installation and inclusion of 
> the Linux server in AD.
> Installation of KERBEROS 5 packages:
> #yum install krb5-server krb5-libs krb5-workstation
Why install krb5-server? This is not required on a Unix domain member.
> I added the following lines to the /etc/krb5.conf file
> [libdefaults]
> default_realm = SAMDOM.EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
Change the last line to true
> I installed realmd
> # yum install realmd
Why, what is wrong with 'net ads join'?

Nothing really wrong, apart from, you do not seem to understand that any 
users in /etc/passwd are unknown to AD.

You can have the same username in /etc/passwd and AD, but they will be 
different users. The only Samba supported way of making users known to 
both AD and the local Linux OS, is for the users to be in AD and use 
Samba to make them Unix users as well. You are halfway there, you have 
in smb.conf:

idmap config TJSC : range = 2000000-2999999
idmap config TJSC : backend = rid

This will take any AD users (and groups), extract the RID and then 
calculate the Unix ID using the lower range, so from what you have 
posted, I am very sure that 'getent group Domain\ Users' will return the 
ID '2000513'.

So to cut to a shorter version, create your users in AD and delete them 
from /etc/passwd.

Your way is not supported.
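
Added example, not part of the original message and not Samba's own code: the ID calculation the rid backend performs for the two `idmap config TJSC` lines quoted above, plus the reverse lookup that is useful when tracing a numeric file owner back to an AD RID. It assumes the formula documented in idmap_rid(8), ID = RID - BASE_RID + LOW_RANGE_ID, with the default base_rid of 0; the domain SID and the `*` default-domain lines are constructed.

```python
import re

# Constructed smb.conf fragment; the two TJSC lines are the ones quoted in the post.
SMB_CONF = """\
[global]
    workgroup = TJSC
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config TJSC : range = 2000000-2999999
    idmap config TJSC : backend = rid
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue  # not an idmap line (comments and other options are skipped)
        domain, key, value = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            entry["range"] = tuple(int(x) for x in value.split("-"))
        else:
            entry[key] = value
    return domains

def rid_to_unix_id(sid, domain, domains):
    """Unix ID for a SID under the rid backend (base_rid assumed 0).
    Returns None when the result falls outside the configured range."""
    cfg = domains[domain.upper()]
    if cfg.get("backend") != "rid":
        raise ValueError(f"{domain} does not use the rid backend")
    rid = int(sid.rsplit("-", 1)[1])  # the RID is the last sub-authority of the SID
    low, high = cfg["range"]
    unix_id = low + rid
    return unix_id if low <= unix_id <= high else None

def unix_id_to_rid(unix_id, domain, domains):
    """Reverse mapping: RID for a Unix ID, or None if the ID is outside the range."""
    low, high = domains[domain.upper()]["range"]
    return unix_id - low if low <= unix_id <= high else None

if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    # Constructed domain SID; 513 is the well-known RID of Domain Users.
    print(rid_to_unix_id("S-1-5-21-1111111111-2222222222-3333333333-513", "TJSC", cfg))
```

A RID of 1000000 or more would land past 2999999 with this range and is left unmapped, so the range has to be sized for the largest RID the domain will issue.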

