Rowland Penny
2020-Jun-22 13:13 UTC
[Samba] SAMBA using existing users and passwords on Linux
On 22/06/2020 14:00, Fernando Gonçalves wrote:
> Good morning Rowland.
>
> As you may have noticed, I am no expert in deploying SAMBA in an AD
> domain.
> Could you give me a link with a tutorial that explains in a simple way
> the procedure for this?

You could start here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

> Just to not leave without a return I executed the following commands:
>
> # getent group TJSC\users
> #
> Nothing came back.

It shouldn't, not even on a Samba AD DC

> # getent group TJSC users
> users: x: 100:
> This group "users" is local to the linux server (it is in /etc/passwd)
> and does not exist in the AD domain.

Ah, yes it does, just not where you expect it ;-)

If you examine 'idmap.ldb' on a DC, you should find something like this:

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513

The '513' is the RID for Domain Users and the xidNumber maps it to
the local 'users' group.

> I can then conclude that my intention to use local users of the linux
> server without having to specify the name of the linux server is not
> possible, right?

Correct, not possible and definitely not supported on a Samba AD DC (or
any other Samba domain machine)

Rowland
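An added example, not part of the original message or of Samba itself: a small audit that reads sidMap records from an LDIF export of idmap.ldb and reports domain groups whose xidNumber is also the gid of a local group, which is the overlap described above. The second record, the /etc/group text and all function names are constructed for illustration.

```python
import re

# Constructed sample: first record follows the one quoted in the thread.
SAMPLE_IDMAP = """\
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-512
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-512
type: ID_TYPE_BOTH
xidNumber: 3000008
"""
SAMPLE_GROUP = "root:x:0:\nusers:x:100:\n"  # constructed /etc/group content
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

def parse_sidmap(ldif):
    """Yield (sid, id_type, xid) for each sidMap record in an LDIF dump."""
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs[key] = value.strip()
        if attrs.get("objectClass") == "sidMap" and {"objectSid", "type", "xidNumber"} <= attrs.keys():
            yield attrs["objectSid"], attrs["type"], int(attrs["xidNumber"])

def local_groups(group_file):
    """Map gid -> name from /etc/group formatted text."""
    rows = (l.split(":") for l in group_file.splitlines())
    return {int(r[2]): r[0] for r in rows if len(r) >= 3 and r[2].isdigit()}

def overlaps(ldif, group_file):
    """Return (domain group, gid, local group) where a mapped gid is also local."""
    groups = local_groups(group_file)
    hits = []
    for sid, id_type, xid in parse_sidmap(ldif):
        if id_type in ("ID_TYPE_GID", "ID_TYPE_BOTH") and xid in groups:
            rid = int(sid.rsplit("-", 1)[1])  # last SID component is the RID
            hits.append((WELL_KNOWN_RIDS.get(rid, f"RID {rid}"), xid, groups[xid]))
    return hits

if __name__ == "__main__":
    for name, gid, local in overlaps(SAMPLE_IDMAP, SAMPLE_GROUP):
        print(f"{name} -> gid {gid} (shared with local group '{local}')")
```

Any hit means files and ACL entries owned by that gid on the DC resolve to both the domain group and the local one, so membership of either should be reviewed with that in mind.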
Fernando Gonçalves
2020-Jun-22 14:55 UTC
[Samba] SAMBA using existing users and passwords on Linux
Ok Rowland.
Thank you very much for this additional help.
Until next time.
Fernando Gonçalves
2020-Jun-22 14:57 UTC
[Samba] SAMBA using existing users and passwords on Linux
Oops, wrong language ;D

Okay Rowland.
Thank you very much for this help.
To the next.