Some starting point to understand NSS and PAM :
https://en.wikipedia.org/wiki/Name_Service_Switch
https://en.wikipedia.org/wiki/Pluggable_authentication_module
In short :
- you need something to discuss with the network user database (AD, old NT4
domain, NIS domain...) to retrieve information from that DB to forge UNIX
user's line (ie: a user line like into /etc/passwd). This can be done be
several tools: Winbind, SSSD, nslcd for recent software able to discuss
with AD (as you mentioned it).
- you will need to configure PAM for at some point it uses that tool
- you will need to configure NSS for it uses that tool
Here is a page from Samba wiki to configure a domain member (not a DC, a
member) using Winbind to retrieve user information:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
2017-01-27 12:01 GMT+01:00 basti via samba <samba at lists.samba.org>:
>
> Hello Again,
>
> I have a problem to understand differences between
>
> libnss-winbind
> libpam-winbind
> Kerberos
>
> I need to see Sambausers on linux box via "getent passwd".
> At the moment I sync users via LDAP, but i plan to migrate to Samba AD.
>
> I dont want to install samba (just for login) on this linux box if it is
> possible.
>
> Best regards,
>
> On 25.01.2017 16:37, Rowland Penny via samba wrote:
> >> Mailserver, get users via pam_ldap from PDC.
> > Depends on your mailserver, if it can use kerberos, then use kerneros.
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>