Hi, on my member server it is no problem to login with a domain account because I have set winbind use default domain = yes. But how to do this on a DC? It doesn't matter if winbind use default domain = yes is set. So can I do this? E.g. by using su command? The reason for my question is to run cronjobs by dedicated service accounts. Thanks in advance Tim
Hello Tim, Am 21.02.2015 um 21:10 schrieb Tim:> on my member server it is no problem to login with a domain > account because I have set winbind use default domain = yes. > > But how to do this on a DC? It doesn't matter if winbind > use default domain = yes is set. So can I do this? > E.g. by using su command?Because winbind isn't started per default and there are some problems with it at the moment. Alternatives: sssd: https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd nlscd: https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd Regards, Marc
On 21/02/15 20:10, Tim wrote:> Hi, > > on my member server it is no problem to login with a domain account because I have set winbind use default domain = yes.This setting just removes the domain name i.e. DOMAIN\username becomes username> > But how to do this on a DC? It doesn't matter if winbind use default domain = yes is set. So can I do this? E.g. by using su command?You need to set /etc/nsswitch.conf to use winbind and you may also have to install extra packages and set up PAM to use them.> > The reason for my question is to run cronjobs by dedicated service accounts.Why not set cron to use a local user e.g. root Rowland> Thanks in advance > Tim
I will give sssd a try. The wiki tells about using a machine account for the keytab. What happens when the password expires? What will happen to the keytab? @Rowland: I'd like to use central accounts for the same tasks on all servers. This will make things easier. Am 21. Februar 2015 21:55:30 MEZ, schrieb Marc Muehlfeld <mmuehlfeld at samba.org>:>Hello Tim, > >Am 21.02.2015 um 21:10 schrieb Tim: >> on my member server it is no problem to login with a domain >> account because I have set winbind use default domain = yes. >> >> But how to do this on a DC? It doesn't matter if winbind >> use default domain = yes is set. So can I do this? >> E.g. by using su command? > >Because winbind isn't started per default and there are some problems >with it at the moment. Alternatives: > >sssd: >https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd > >nlscd: >https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd > > >Regards, >Marc
Apparently Analagous Threads
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?
- Samba 4 two DCs no matching UID/GID
- NSLCD works, do I need RFC2307 extensions enabled in AD as well?
- How to configure samba to use LDAP/Kerberos authentication without using winbind?
- Samba 4 two DCs no matching UID/GID