[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
gaiseric.vandal at gmail.com
Mon Mar 21 19:08:59 UTC 2022
On 3/21/22 13:38, Rowland Penny via samba wrote:
> On Mon, 2022-03-21 at 13:17 -0400, Gaiseric Vandal via samba wrote:
>> LDAP is used for user and group lookups at the Unix/Linux level.
>> includes nfs and ssh. The authentication itself is typically
>> kerberos. Presumably if nsswitch.conf pointed to winbind but not
>> it everything would continue to work.
> Got to ask this, why are you using ldap for Unix user & group lookups ?
> I presume that the ldap lookups are searching for RFC2307 attributes,
> if so, ldap is a bit redundant, your 'ad' backend will use the same IDs
> While there a numerous superfluous lines in your smb.conf, it is
> basically sound.
A lot of the engineering/scientific software we use runs on Linux. A
lot of the software development we do is also on Linux, so the focus of
services on Solaris machines was to support Linux clients first, and
Windows clients 2nd. I am fairly confident that if I configure
/etc/nsswitch.conf to use winbind (not ldap) network users and groups
that ssh login would still work. but I don't know about NFS (which is
dependent on kerberos security.)
More information about the samba