[Samba] Samba 4 without winbind
rpenny at samba.org
Sun Sep 18 10:41:39 UTC 2022
On 18/09/2022 10:16, Andrew Bartlett via samba wrote:
> What you do is still possible, perhaps with some work (see the Nov 2021
> security guidance as you have not applied those patches).
> Just run winbindd but don't configure it in the smb.conf.
> We recogninise that for some the authentication is via AD but the
> authorization is via other methods specified in nsswitch.conf, and we
> now have tests specifically aimed at this.
> Andrew Bartlett
It is all very well saying that Andrew, but the OP referred to Windows
clients, he also has Linux clients, along with NIS and NFS. This means
that he must maintain Linux users that are really Windows users, Linux
Users that are authenticating from AD, NFS users that are authenticating
to AD, NIS users that are authenticating to AD, finally I have no idea
how or where the NIS groups are stored.
Sooner or later, Samba is going to drop SMBv1 and anything that relies
on it will also disappear, not that this will really matter to the OP,
because he is using 'security = ADS'. If he sets up the smb.conf
correctly, His Windows clients will treat Linux machines as if they are
Windows machines, he can get his Linux machines to behave as if they are
Windows machines (so he will not need NIS) and NFS can easily
authenticate to AD.
To be honest, I expect better of Universities, they are supposed to be
places of learning, pity most of them do not seem to want to use new (if
you can call AD new) and better ways
More information about the samba