[Samba] Should I be able to access shares w/o authenticating again?

Rob Campbell robcampbell08105 at gmail.com
Mon Nov 21 19:25:47 UTC 2022


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Sat, Nov 19, 2022 at 2:38 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 19/11/2022 19:22, Rob Campbell via samba wrote:
>
> >>
> >> I did this
>
> You did what ?
>
Changed to use rid.


>
> > and now I am able to log in using domain credentials w/o having
> > to do 'user at domain' or 'domain\user' but that seems to have disabled the
> > ability to log in using a local user (on the dc only)
>
> I think I have already said this, but just in case I didn't, you cannot
> have a local Unix user called by the same username as an AD user. You
> make the AD become a Unix user.
>
I don't recall you mentioning that but that makes sense.  I thought what
would happen would be it would try to authenticate using the local
credentials and if I were using the domain password, it would fail but if I
used the unix password, it would authenticate.


>
> >
> > Nov 19 14:15:12 DC01 kernel: audit: type=1400 audit(1668885312.805:1770):
> > apparmor="ALLOWED" operation="open"
> > profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_nss"
>
> Ah, well, that's me out of this thread, my opinion of sssd is well
> known, I do not see the point to it in an AD domain.
>
In my reading, I found that I needed to use sssd on my Fedora server to get
it to properly authenticate but apparently, I was ssh'd into the Debian DC
and made the changes there by accident.  I've disabled sssd on the dc and
removed the references in nsswitch.conf and now all members allow users to
authenticate with just 'username'.



>
> Rowland
>