Re: [Samba] Winbind and nss-ldap

On Thu, 4 Oct 2018 08:34:03 +0000
Praveen Ghimire <PGhimire@xxxxxxxxxxxxxx> wrote:

> Hi Rowland,
> We are caught in a similar situation. The question is if the users
> and groups are defined in /etc/passwd and /etc/group, shouldn't the
> server auth them using these first? As nsswitch directs the server to
> look at "files" first. Shouldn't this be the default regardless of
> winbind/ldap configs?

This was the really old way of doing things in an NT4-style domain and
was mostly used where the users would never log into the machine and
only connect via Samba.

Yes, if a user is in /etc/passwd, then this user will be used (if the
user logs into the computer directly) instead of the domain user. This
is why you cannot have a local user with the same name as an AD user.

When you use LDAP with a PDC/BDC, you do not need the local users; you
should set the OS to use LDAP for the domain users.

Having said all of that, anybody who is still using an NT4-style domain
should seriously consider upgrading to AD before it is too late.
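
[Added example, not part of the original message or of Samba's own code: a small check for the name collision described above, where a "files" entry listed before winbind/ldap in nsswitch.conf makes a local /etc/passwd account win over the domain account of the same name. The nsswitch.conf text, passwd text and domain user list are constructed sample data, and the function names are hypothetical.]

```python
import re

DOMAIN_SOURCES = {"winbind", "ldap"}  # NSS sources that serve domain users

def nss_sources(nsswitch_text, database="passwd"):
    """Return the lookup sources for one nsswitch.conf database, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()          # strip comments
        if not line.startswith(database + ":"):
            continue
        spec = line.split(":", 1)[1]
        spec = re.sub(r"\[[^\]]*\]", " ", spec)       # drop actions like [NOTFOUND=return]
        return spec.split()
    return []

def local_names(passwd_text):
    """Return the set of account names defined in passwd-format text."""
    return {line.split(":", 1)[0]
            for line in passwd_text.splitlines()
            if line and not line.startswith("#") and ":" in line}

def shadowed_domain_users(nsswitch_text, passwd_text, domain_users):
    """Domain users that resolve to a local account because 'files' comes first."""
    sources = nss_sources(nsswitch_text)
    domain_pos = [i for i, s in enumerate(sources) if s in DOMAIN_SOURCES]
    if "files" not in sources or not domain_pos:
        return []
    if sources.index("files") > min(domain_pos):
        return []                                     # domain source is consulted first
    # AD account names are case-insensitive, so compare lowercased.
    local = {n.lower() for n in local_names(passwd_text)}
    return sorted(u for u in domain_users if u.lower() in local)

# Constructed sample input (not taken from any real host).
NSSWITCH = """\
passwd: files winbind   # local files are consulted before the domain
group:  files winbind
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
"""
DOMAIN_USERS = ["Alice", "bob"]

if __name__ == "__main__":
    for name in shadowed_domain_users(NSSWITCH, PASSWD, DOMAIN_USERS):
        print(f"local account shadows domain user: {name}")
```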


