[Samba] Setting up user authentication on a Samba DC
Rowland Penny
rpenny at samba.org
Fri Aug 23 16:55:40 UTC 2024
On Fri, 23 Aug 2024 16:38:38 +0000
Darin via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I am trying to get Winbind authentication working on a Domain
> controller. However, I am struggling to get it working. From what I
> can tell it should be as simple as adding winbind to
> /etc/nsswitch.conf but it doesn't seem to work. When I run getent
> passwd it just returns nothing but when I run wbinfo --ping-dc it
> succeeds.
You are probably missing the links between winbind and nsswitch. If
this was on Debian, I would advise installing libpam-winbind and
libnss-winbind; I think on Fedora they are called samba-winbind-clients.
>
> Here is my smb.conf
>
> # Global parameters
> [global]
> ad dc functional level = 2012_R2
> dns forwarder = 192.168.x.x
> netbios name = DC
> realm = MYDOMAIN.LAN
> server role = active directory domain controller
> workgroup = MYDOMAIN
> idmap_ldb:use rfc2307 = yes
>
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/mydomain.lan/scripts
> read only = No
>
> The OS is Fedora 40 and samba 4.20.4
Are you aware that as the Fedora Samba packages use MIT for the KDC,
they are classed as experimental, so I hope that you are not using them
in production.
>
> How would I properly set up Winbind authentication for a local login?
Fairly easy, just set everything up correctly.
> Also, I know that generally SSSD conflicts with Samba and Winbind
That is a bit of an understatement in my opinion.
> however it seems to be better documented and more reliable. Is there
> a way to make SSSD work with Samba?
Not in my opinion and it isn't required.
Rowland
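
An added example, not part of the original thread: a small check for the two things the exchange above points at when `getent passwd` shows no domain users, namely `winbind` listed on the `passwd` and `group` lines of nsswitch.conf and the glibc NSS module `libnss_winbind.so.2` being installed. The function names and the library directories in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from Samba.

# nss_has_winbind FILE DB -> 0 if DB's line in FILE lists winbind as a source
nss_has_winbind() {
    # Drop comments first so a commented-out "winbind" does not count.
    sed 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit (found ? 0 : 1) }'
}

# nss_module_present DIR... -> 0 if libnss_winbind.so.2 exists in any DIR
nss_module_present() {
    for d in "$@"; do
        if [ -e "$d/libnss_winbind.so.2" ]; then
            return 0
        fi
    done
    return 1
}

# check_winbind_nss FILE DIR... -> prints findings, returns number of problems
check_winbind_nss() {
    conf=$1; shift
    problems=0
    for db in passwd group; do
        if nss_has_winbind "$conf" "$db"; then
            echo "ok: $db uses winbind"
        else
            echo "missing: add winbind to the $db line in $conf"
            problems=$((problems + 1))
        fi
    done
    if nss_module_present "$@"; then
        echo "ok: libnss_winbind.so.2 found"
    else
        echo "missing: libnss_winbind.so.2 (install the NSS winbind package)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage (library directories differ per distribution; these are assumptions):
# check_winbind_nss /etc/nsswitch.conf /lib64 /usr/lib64 /lib/x86_64-linux-gnu
```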