[Samba] SAMBA using existing users and passwords on Linux

Fernando Gonçalves fernandolmg at gmail.com
Mon Jun 22 14:55:38 UTC 2020 

Ok Rowland.
Muito obrigado por mais essa ajuda.
Até a próxima.

<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Livre
de vírus. www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>.
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

Em seg., 22 de jun. de 2020 às 10:14, Rowland penny via samba <
samba at lists.samba.org> escreveu:

> On 22/06/2020 14:00, Fernando Gonçalves wrote:
> > Good morning Rowland.
> >
> > As you may have noticed, I am no expert in deploying SAMBA in an AD
> > domain.
> > Could you give me a link with a tutorial that explains in a simple way
> > the procedure for this?
>
> You could start here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> >
> > Just to not leave without a return I executed the following commands:
> >
> > # getent group TJSC\users
> > #
> > Nothing came back.
> It shouldn't, not even on a Samba AD DC
> >
> > # getent group TJSC users
> > users: x: 100:
> > This group "users" is local to the linux server (it is in /etc/passwd)
> > and does not exist in the AD domain.
>
> Ah, yes it does, just not where you expect it ;-)
>
> If you examine 'idmap.ldb' on a DC, you should find something like this:
>
> dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
> cn: S-1-5-21-1768301897-3342589593-1064908849-513
> objectClass: sidMap
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
> type: ID_TYPE_GID
> xidNumber: 100
> distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513
>
> The '513' is the RID for Domain Users and the xidNumber maps it to to
> the local 'users' group.
>
> >
> > I can then conclude that my intention to use local users of the linux
> > server without having to specify the name of the linux server is not
> > possible, right?
>
> Correct, not possible and definitely not supported on a Samba AD DC (or
> any other Samba domain machine)
>
> Rowland
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list