samba - Mar 2024 - Login in linux using ad accounts

Hi, all.

I have a configured AD, which is working fine, and a DC in the same
machine. I know this is not the best way to do it, but I had no other
choice available.

Now I need to have AD users able to login in the linux (ubuntu) directly.

It seems that would be possible through nsswitch.
Is that really possible? nsswitch is the only additional software needed?

Thanks,

Ricardo


<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
N?o
cont?m v?rus.www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

On Mon, 11 Mar 2024 12:32:45 -0300
Ricardo Campos via samba <samba at lists.samba.org> wrote:
> Hi, all.
> 
> I have a configured AD, which is working fine, and a DC in the same
> machine. I know this is not the best way to do it, but I had no other
> choice available.
I think that means you are using a Samba AD DC as a fileserver, if so,
then no, it isn't optimal, for various reasons. One of the main ones
being that you must set the share permissions from a Windows machine.
Is it possible to run a Unix domain member in a VM on the DC ?
> 
> Now I need to have AD users able to login in the linux (ubuntu)
> directly.
> 
> It seems that would be possible through nsswitch.
> Is that really possible? nsswitch is the only additional software
> needed?
Not quite, you haven't said what distro you are running, but you need
to set up the libnss winbind links, on Debian you can easily do this by
installing the the libnss-winbind & libpam-winbind packages, you must
also add 'winbind' to the 'passwd' & 'group' lines
in /etc/nsswitch.conf

Rowland