[Samba] winbind for nsswitch, without AD membership
zombie_ryushu at yahoo.com
Thu Feb 2 13:43:15 UTC 2023
On 2/2/23 08:39, cYuSeDfZfb cYuSeDfZfb via samba wrote:
> Winbind is not installed and not running, so that's not it.
> Anyway, guess we'll have to live with the double user creation.
> Thanks for the quick help, Ralph and Rowland.
> On Thu, 2 Feb 2023 at 13:47, Ralph Boehme <slow at samba.org> wrote:
>> On 2/2/23 12:23, cYuSeDfZfb cYuSeDfZfb wrote:
>>> Thanks for the useful parameter. I implemented it in my samba config,
>>> but the script is never called from samba, instead the logon is denied
>>> with NT_STATUS_NO_SUCH_USER.
>> the exact mechanics escape my mind, but I noticed that in one place
>> where we hook the script we only do it if winbindd is *not* runnning. So
>> since you're running Samba as a standalone server, running without
>> winbindd might work to some extent.
>> Alternative iirc the script is also called if you run pdedit or smbpasswd.
>> Ralph Boehme, Samba Team https://samba.org/
>> SerNet Samba Team Lead https://sernet.de/en/team-samba
Have you considered allowing this node to be an OpenLDAP/Kerberos
Client, and then cacheing accounts using nss_updatedb in the old school
More information about the samba