[Samba] winbind for nsswitch, without AD membership

cYuSeDfZfb cYuSeDfZfb cyusedfzfb at gmail.com
Thu Feb 2 10:25:41 UTC 2023


Hi Rowland,

Thanks for the very quick reply.

As this machine will hold specific backup stuff, we do not want it to
be 'connected' to the AD at all, adding an extra layer of protection.
(next to other layers, of course)

Thanks for your clear response: we will script it.

MJ

On Thu, 2 Feb 2023 at 11:18, Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
>
>
> On 02/02/2023 10:10, cYuSeDfZfb cYuSeDfZfb via samba wrote:
> > Hi,
> >
> > I am setting up a standalone samba server (with tdbsam) on RHEL9,
> > following the immaculate samba wiki:
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> >
> > The user creation flow described in the standalone scenario is:
> >
> > - create a system user (useradd) with password
> > - create a samba user (smbpasswd) with password
> >
> > In my previous work, I have always used domain member servers with
> > security = ADS / winbind idmap 'ad' backend / winbind for local linux
> > users.
> >
> > My question: is it possible to use winbind with autorid & tdbsam (and
> > security = user) to avoid the requirement to generate each user TWICE?
> >
> > MJ
> >
>
> No, but you could use winbind with autorid (or rid) and the default
> tdbsam and 'security = ADS', then do not create users on the Samba Unix
> domain member, that way, you only create the user once, in AD.
>
> If you have AD, then leverage it, if not, script around the user creation.
>
> NOTE: if you use the rid idmap backend, you can also use 'winbind use
> default domain = yes'.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
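
One way to script the two-step user creation discussed in this thread (useradd, then smbpasswd), as an added example that is not from either poster or the Samba wiki. The function names, the DRY_RUN switch and the choice to leave the Unix account without a password are assumptions of this example.

```shell
#!/bin/sh
# Added example: create the Unix account and its tdbsam entry in one call.
# Assumptions: run as root on the standalone server; valid_username, run,
# add_samba_user and DRY_RUN are hypothetical names, not Samba tooling.
export LC_ALL=C   # keep [a-z] ranges ASCII-only

valid_username() {
    # Lowercase letter or '_' first (so never a leading '-'), then [a-z0-9_-], max 32.
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

run() {
    # DRY_RUN=1 prints the command instead of executing it.
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

add_samba_user() {
    su_user=$1
    valid_username "$su_user" || { echo "invalid username" >&2; return 2; }
    # Password arrives on stdin, so it never shows up in argv or shell history.
    IFS= read -r su_pass || :
    [ -n "$su_pass" ] || { echo "empty password on stdin" >&2; return 2; }
    # Step 1: system user, no home directory, no login shell. The Unix password
    # is left unset (account locked); Samba checks the tdbsam entry instead.
    run useradd -M -s /sbin/nologin "$su_user" || return 1
    # Step 2: Samba user. smbpasswd -s reads the new password twice from stdin.
    # printf is a builtin in bash and dash, so the password stays out of the process list.
    if ! printf '%s\n%s\n' "$su_pass" "$su_pass" | run smbpasswd -s -a "$su_user"; then
        run userdel "$su_user"   # roll back so no half-created account remains
        return 1
    fi
}
```

Source the file and call `add_samba_user NAME < password-file` as root; with `DRY_RUN=1` it only prints the commands it would run.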


