[Samba] Usernames in /etc/passwd vs domain (Domain Member Setup)
Rowland Penny
rpenny at samba.org
Thu Sep 22 07:35:46 UTC 2022
On 22/09/2022 00:00, Eddie Rowe via samba wrote:
> I am new to Samba and working to understand things since I have an existing Samba server joined to Active Directory as a domain member. I have been reading the O'Reilly Samba book to get oriented to things and am now setting up a test server. So as to not muddy the water with distribution-specific instructions I have been working off the Samba wiki<https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member> to set up a test system. Under the section "Configuring the Name Service Switch" the wiki states "Do not use the same user names in the local /etc/passwd file as in the domain.". I am afraid this is how things are set up today on the existing server. Any suggestions for what I can review in the Wiki or Samba site to understand how I can bring our setup into one that would be a standard setup? Today the process for giving someone access to a Samba share involves killing winbind, adding the local account, adding the group that corresponds to the share, restarting winbind.
The username on Linux is found by going through /etc/nsswitch.conf,
which usually is in a form like this:

passwd: files winbind

The above line means that when you run something like 'getent passwd
username', /etc/passwd is checked first (the 'files' bit) and if not
found, then winbind is asked. This means that if the username is in
/etc/passwd and AD, the local user will be used first.

There is absolutely no reason to have the same username in /etc/passwd
and in AD.

If I run:

getent passwd rowland

on a Unix domain member, I get this:

rowland:*:11104:10513::/home/rowland:/bin/bash

but running:

grep 'rowland' /etc/passwd

produces no output.

Rowland
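
An added example, not part of the original message or of the Samba documentation: a shell function that lists the account names present both in a local passwd file and in a saved domain user list, which are the entries the lookup order described above answers from /etc/passwd first. The names `shadowed_users` and `demo`, the `EXAMPLE` domain and the sample accounts are constructed for illustration; the domain list is assumed to come from `wbinfo -u`.

```shell
#!/bin/sh
# Added example: list account names present both in a local passwd file and
# in the domain. With "passwd: files winbind" each name printed here is
# answered from the local file first, as described in the reply above.
#
# $1: passwd-format file (normally /etc/passwd)
# $2: file with one domain user per line, e.g. saved output of `wbinfo -u`
# Names are compared case-insensitively (assumption: AD names ignore case).
shadowed_users() {
    awk -F: '
        NR == FNR {                        # first file: the domain user list
            name = $0
            sub(/^.*\\/, "", name)         # strip a leading "DOMAIN\" prefix
            sub(/[ \t\r]+$/, "", name)     # strip trailing whitespace or CR
            if (name != "") domain[tolower(name)] = 1
            next
        }
        /^[#+-]/ || $1 == "" { next }      # skip comments and compat entries
        (tolower($1) in domain) { print $1 ":" $3 }   # name and local UID
    ' "$2" "$1"
}

# Constructed sample data (not from the thread) so the script runs offline.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
eddie:x:1001:1001::/home/eddie:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF
    cat > "$tmp/domain" <<'EOF'
EXAMPLE\administrator
EXAMPLE\eddie
EXAMPLE\rowland
EOF
    shadowed_users "$tmp/passwd" "$tmp/domain"
    rm -rf "$tmp"
}

demo    # prints: eddie:1001

# On a domain member (assumed usage):
#   wbinfo -u > domain-users.txt && shadowed_users /etc/passwd domain-users.txt
```

Each line of output is a local account name with its local UID; files owned by that UID belong to the local account, not to the domain user's winbind-mapped ID.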