Re: [Samba] Samba 4.6.5-Debian, authentication on a mix workgroup+domain
- Date: Mon, 31 Jul 2017 12:13:08 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba 4.6.5-Debian, authentication on a mix workgroup+domain
On Mon, 31 Jul 2017 12:40:40 +0200
Marc-Henri Pamiseux via samba <samba@xxxxxxxxxxxxxxx> wrote:
> A simple solution, as an alternative, is to create a user account in
> Active Directory, then assign it an Unix uidNumber in the range of
> domain users, and then to configure in smb.conf the "map to guest"
> directive with that login's name.
> By doing this, we can forget the assignment to nobody's login.
AH, something just went 'ping' ;-)
There was a recent Debian bug, the bug being that the 'passwd' and
'group' lines in /etc/nsswitch.conf had been setup as 'winbind compat',
I couldn't understand why anybody would want to do that, I think you
may have just given me a reason.
When (on a Unix machine) you ask for a users ID, NSS is consulted and
this uses /etc/nsswitch.conf to find the users ID. Normally the local
files are search first and if you are searching for 'nobody' on Debian,
you get back '65534', winbind is not consulted. However if the order of
searching is switched around and winbind is used before the local
files, then you will get the user mapped by winbind to whoever you have
in smb.conf and the ID for this user returned.
This is what I think will happen, never tried it myself, but I will.
To unsubscribe from this list go to the following URL and read the