[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
Rowland Penny
rpenny at samba.org
Mon Mar 21 19:19:02 UTC 2022
On Mon, 2022-03-21 at 15:08 -0400, Gaiseric Vandal via samba wrote:
> On 3/21/22 13:38, Rowland Penny via samba wrote:
> > On Mon, 2022-03-21 at 13:17 -0400, Gaiseric Vandal via samba wrote:
> > > LDAP is used for user and group lookups at the Unix/Linux level.
> > > This
> > > includes nfs and ssh. The authentication itself is typically
> > > kerberos. Presumably if nsswitch.conf pointed to winbind but
> > > not
> > > ldap
> > > it everything would continue to work.
> > Got to ask this, why are you using ldap for Unix user & group
> > lookups ?
> > I presume that the ldap lookups are searching for RFC2307
> > attributes,
> > if so, ldap is a bit redundant, your 'ad' backend will use the same
> > IDs
> >
> > While there a numerous superfluous lines in your smb.conf, it is
> > basically sound.
> >
> > Rowland
> >
> >
>
> A lot of the engineering/scientific software we use runs on Linux.
> A
> lot of the software development we do is also on Linux, so the focus
> of
> services on Solaris machines was to support Linux clients first, and
> Windows clients 2nd. I am fairly confident that if I configure
> /etc/nsswitch.conf to use winbind (not ldap) network users and
> groups
> that ssh login would still work.
I am absolutely positive it will work, it is how I run Samba on Linux.
> but I don't know about NFS (which is
> dependent on kerberos security.)
This should also work, I do not use NFS, but kerberos works well on
Linux, not sure about Solaris. If this was Debian, I would advise
installing the libnss-winbind, libpam-winbind and libpam-krb5 packages,
does Solaris have similar packages ?
Rowland
More information about the samba
mailing list