[Samba] domain member login

Rowland Penny rpenny at samba.org
Tue Jun 3 05:48:26 UTC 2025


On Mon, 2 Jun 2025 17:50:00 -0400
Sonic via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> I set up a Debian Bookworm Domain Member to test integration with a
> Samba AD. I can successfully shell into the Domain Member via SSH
> using AD user credentials but cannot log in to the system locally via
> the GUI using AD user credentials, only local user credentials.
> I've run across some online info suggesting using SSSD, but somehow I
> think pam/winbind should be able to handle this, especially as SSH
> works just fine.
> Any clues? What am I missing? Any good up-to-date docs on this?
> 
> Thanks,
> Chris
> 

If your Debian Bookworm machine is joined to the domain correctly, then
everything should just work, including being able to log in via the GUI.
Using sssd will not help, and why should it? It is basically winbind
rewritten for freeipa.

If you have users in /etc/passwd and the same username in AD, then
normally the local user is used first and the AD user is ignored. Let
me show you an example of winbind mapping an AD user to a Unix user:

rowland@devstation:~$ cat /etc/passwd | grep 'rowland'
rowland@devstation:~$ 
rowland@devstation:~$ getent passwd rowland
rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash

I am NOT in /etc/passwd, but the Unix OS shows that I am a Unix user
and I can log in via the GUI, lightdm in this case.

You just need to set things up correctly and it will work; showing us
what you have now will allow us to point you in the right direction.

Rowland
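
The lookup order described in the reply above (a local /etc/passwd entry answering before winbind) can be checked mechanically. This is an added example, not part of the original message; the file contents, the user alice and the function names are constructed for illustration, with the rowland entry copied from the getent output above.

```shell
#!/bin/sh
# Added example (not from the thread). All file contents below are constructed.

# Sources on the "passwd:" line of an nsswitch.conf-style file, in lookup
# order; [STATUS=action] items and trailing comments are skipped.
passwd_sources() {
    awk '$1 == "passwd:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i !~ /^\[/) print $i
        }
        exit
    }' "$1"
}

# Succeeds if user $1 has an entry in passwd-format file $2 (exact match).
has_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Usernames present in both the local file ($1) and the domain list ($2).
shadowed_users() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next } $1 in seen { print $1 }' "$1" "$2"
}

# First source in lookup order that knows user $1, or "none".
# $2 = nsswitch file, $3 = local passwd, $4 = domain passwd list.
winning_source() {
    for src in $(passwd_sources "$2"); do
        case "$src" in
            files)   if has_user "$1" "$3"; then echo files; return 0; fi ;;
            winbind) if has_user "$1" "$4"; then echo winbind; return 0; fi ;;
        esac
    done
    echo none
}

# Constructed sample data standing in for /etc/nsswitch.conf, /etc/passwd
# and the output of `getent -s winbind passwd NAME` on a domain member.
demo=$(mktemp -d)
printf 'passwd: files winbind\n' > "$demo/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000:Local Alice:/home/alice:/bin/bash\n' > "$demo/passwd"
printf 'rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash\nalice:*:11105:10513:AD Alice:/home/alice:/bin/bash\n' > "$demo/domain"

for u in rowland alice; do
    echo "$u -> $(winning_source "$u" "$demo/nsswitch.conf" "$demo/passwd" "$demo/domain")"
done
echo "shadowed: $(shadowed_users "$demo/passwd" "$demo/domain")"
```

A name reported as shadowed resolves to the local account whenever files precedes winbind on the passwd line, so the AD account's UID and home directory are never used for it.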


