[Samba] SAMBA using existing users and passwords on Linux
Rowland penny
rpenny at samba.org
Mon Jun 22 13:13:43 UTC 2020
On 22/06/2020 14:00, Fernando Gonçalves wrote:
> Good morning Rowland.
>
> As you may have noticed, I am no expert in deploying SAMBA in an AD
> domain.
> Could you give me a link with a tutorial that explains in a simple way
> the procedure for this?
You could start here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Just to not leave without a return I executed the following commands:
>
> # getent group TJSC\users
> #
> Nothing came back.
It shouldn't, not even on a Samba AD DC
>
> # getent group TJSC users
> users: x: 100:
> This group "users" is local to the linux server (it is in /etc/passwd)
> and does not exist in the AD domain.
Ah, yes it does, just not where you expect it ;-)
If you examine 'idmap.ldb' on a DC, you should find something like this:
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513
The '513' is the RID for Domain Users and the xidNumber maps it to to
the local 'users' group.
>
> I can then conclude that my intention to use local users of the linux
> server without having to specify the name of the linux server is not
> possible, right?
Correct, not possible and definitely not supported on a Samba AD DC (or
any other Samba domain machine)
Rowland
More information about the samba
mailing list