[Samba] authentication issue moving from Samba 4.11.x to 4.13.14

Rowland Penny rpenny at samba.org
Mon Mar 21 19:19:02 UTC 2022


On Mon, 2022-03-21 at 15:08 -0400, Gaiseric Vandal via samba wrote:
> On 3/21/22 13:38, Rowland Penny via samba wrote:
> > On Mon, 2022-03-21 at 13:17 -0400, Gaiseric Vandal via samba wrote:
> > > LDAP is used for user and group lookups at the Unix/Linux level.
> > > This
> > > includes nfs and ssh.  The authentication itself is typically
> > > kerberos.   Presumably if nsswitch.conf pointed to winbind but
> > > not
> > > ldap
> > > it everything would continue to work.
> > Got to ask this, why are you using ldap for Unix user & group
> > lookups ?
> > I presume that the ldap lookups are searching for RFC2307
> > attributes,
> > if so, ldap is a bit redundant, your 'ad' backend will use the same
> > IDs
> > 
> > While there a numerous superfluous lines in your smb.conf, it is
> > basically sound.
> > 
> > Rowland
> > 
> > 
> 
> A lot of the engineering/scientific software we use runs on Linux. 
> A 
> lot of the software development we do is also on Linux, so the focus
> of 
> services on Solaris machines was to support Linux clients first, and 
> Windows clients 2nd.    I am fairly confident that if I configure 
> /etc/nsswitch.conf to use winbind (not ldap) network users and
> groups 
> that ssh login would still work.

I am absolutely positive it will work, it is how I run Samba on Linux.

>   but I don't know about NFS (which is 
> dependent on kerberos security.)

This should also work, I do not use NFS, but kerberos works well on
Linux, not sure about Solaris. If this was Debian, I would advise
installing the libnss-winbind, libpam-winbind and libpam-krb5 packages,
does Solaris have similar packages ?

Rowland





More information about the samba mailing list