[Samba] Adding non samba user to a samba-ad-dc
Robert Steinmetz
rob at steinmetznet.com
Mon Mar 22 15:46:34 UTC 2021
I sent this before but don't see it on the list and didn't get a
bounce. Trying again.
I have been attempting to understand the samba-ad-dc setup and I've set
up an AD DC using samba-tool.
I've added a user to the AD DC using samba-tool.
I decided I needed to add a local Linux user to the DC and used
> sudo useradd <username>
Which ran as expected and created an entry for <username> in
/etc/passwd, /etc/group and /etc/shadow.
The entry in /etc/shadow has a '!' where the password hash would
normally be. I understand that indicates a Kerberos passwd.
I then decided I need to create a password for that user and used
> $ sudo passwd <username>
> Current Kerberos password:
> Current Kerberos password:
> passwd: Authentication token manipulation error
I want to add this user as a Linux only local user not as a Samba AD user.
My questions are:
1. Can I simply edit /etc/shadow and remove the '!' so I can enter a
password and have that control this local user?
2. How can I set or reset the 'Current Kerberos passwd'? I don't recall
setting one when I set up the samba-ad-dc using samba-tool and if I did
I don't know what it is.
I also found a reference to the kpasswd command but running that command
results in:
> sudo kpasswd <username>
> kpasswd: Cannot find KDC for requested realm getting initial ticket
I tried to su to the username
> # su <username>
> $ passwd
> Current Kerberos password:<cr>
> Changing password for <username>
> Current password:<cr>
> passwd: Authentication token manipulation error
> passwd: password unchanged