[Samba] winbind for nsswitch, without AD membership
Rowland Penny
rpenny at samba.org
Thu Feb 2 10:18:01 UTC 2023
On 02/02/2023 10:10, cYuSeDfZfb cYuSeDfZfb via samba wrote:
> Hi,
>
> I am setting up a standalone samba server (with tdbsam) on RHEL9,
> following the immaculate samba wiki:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>
> The user creation flow described in the standalone scenario is:
>
> - create a system user (useradd) with password
> - create a samba user (smbpasswd) with password
>
> In my previous work, I have always used domain member servers with
> security = ADS / winbind idmap 'ad' backend / winbind for local linux
> users.
>
> My question: is it possible to use winbind with autorid & tdbsam (and
> security = user) to avoid the requirement to generate each user TWICE?
>
> MJ
>
No, but you could use winbind with autorid (or rid) and the default
tdbsam and 'security = ADS', then do not create users on the Samba Unix
domain member; that way, you only create the user once, in AD.

If you have AD, then leverage it; if not, script around the user creation.

NOTE: if you use the rid idmap backend, you can also use 'winbind use
default domain = yes'.

Rowland
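
For the standalone case, "script around the user creation" could look like the following added example, which is not part of the thread or of Samba itself. The function names, the username rules, the exit codes and the use of chpasswd for the Unix password are assumptions; it expects root, shadow-utils and smbpasswd.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage: add_share_user alice < file-containing-the-password
#        DRY_RUN=1 add_share_user alice      # only print the plan

valid_username() {
    # Reject empty names, leading dashes (option injection) and anything
    # outside a conservative account-name alphabet.
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

add_share_user() {
    user=${1:-}
    if ! valid_username "$user"; then
        echo "invalid username: $user" >&2
        return 2
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "useradd -M -s /sbin/nologin $user"
        echo "chpasswd                  # '$user:<password>' on stdin"
        echo "smbpasswd -s -a $user     # password twice on stdin"
        return 0
    fi
    # Read the password from stdin so it never lands in argv or history.
    IFS= read -r pw || true
    if [ -z "$pw" ]; then
        echo "no password on stdin" >&2
        return 3
    fi
    # System account first: no home directory, no login shell.
    useradd -M -s /sbin/nologin "$user" || return 4
    # printf is a builtin in bash and dash, so the password is not
    # exposed in the process list while it is piped to each tool.
    if printf '%s:%s\n' "$user" "$pw" | chpasswd &&
       printf '%s\n%s\n' "$pw" "$pw" | smbpasswd -s -a "$user"; then
        unset pw
        return 0
    fi
    # Roll back so a failure does not leave a Unix account that has
    # no matching entry in the Samba password database.
    unset pw
    userdel "$user"
    return 5
}
```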