[Samba] authentication issue moving from Samba 4.11.x to 4.13.14

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Mar 21 19:08:59 UTC 2022

On 3/21/22 13:38, Rowland Penny via samba wrote:
> On Mon, 2022-03-21 at 13:17 -0400, Gaiseric Vandal via samba wrote:
>> LDAP is used for user and group lookups at the Unix/Linux level.
>> This
>> includes nfs and ssh.  The authentication itself is typically
>> kerberos.   Presumably if nsswitch.conf pointed to winbind but not
>> ldap
>> it everything would continue to work.
> Got to ask this, why are you using ldap for Unix user & group lookups ?
> I presume that the ldap lookups are searching for RFC2307 attributes,
> if so, ldap is a bit redundant, your 'ad' backend will use the same IDs
> While there a numerous superfluous lines in your smb.conf, it is
> basically sound.
> Rowland

A lot of the engineering/scientific software we use runs on Linux.  A 
lot of the software development we do is also on Linux, so the focus of 
services on Solaris machines was to support Linux clients first, and 
Windows clients 2nd.    I am fairly confident that if I configure 
/etc/nsswitch.conf to use winbind (not ldap) network users and groups 
that ssh login would still work.  but I don't know about NFS (which is 
dependent on kerberos security.)

More information about the samba mailing list