>On 04/06/2019 12:24, Andreas Habel via samba wrote:
>> Hi,
>>
>> we are currently in the process of testing a Samba AD setup and have identified some "challenges" regarding user accounts in /etc/passwd and in AD.
>>
>> Let me explain today's situation. Today we use a Linux file server that serves for both Linux and Windows clients and that acts as a NT4 PDC. The client computers are dual boot Linux/Win 7. Under Linux, /etc/passwd, /etc/group and /etc/shadow are rsynced from a central server to all other Linux servers and clients in our network.
>
>If you use AD, you will not have to do this, you just make the AD users
>into Unix users as well.
>
>> The home folders for Linux users are mapped nfs shares that physically reside on the Linux file server (that also is our PDC). Windows users map their smb shares from the same server. Under Linux we have an application that relies on that users of this application exist in /etc/passwd. We use the same username/password for both the Windows domain and under Linux.
>
>See above
>
>What does the application do ?
>
>>
>> Now, with the move to Samba AD, I read several places in the wiki and on this list that we can't have the same username in local /etc/passwd and in AD, but I haven't seen an explanation why this might not be a good idea. In our world, we have the same /etc/passwd on all Linux clients and servers, and we have control over user and group IDs so that they would be identical in /etc/passwd and in AD for a given user.
>You cannot have the same username in AD and /etc/passwd for several
>reasons, a couple of which are, the first to be found will be used and
>there is absolutely no reason to do this.
>>
>> I would therefore like to have
>> - an AD DC,
>> - a Linux file server as domain member, but with /etc/passwd that has the same usernames as in AD,
> ?
>The above is not going to work
>> - Windows clients (domain members),
>> - Linux clients (not domain members, but with identical /etc/passwd like on file server and in AD).
>That isn't a good idea, because they will not be Unix domain members, so
>you will have to maintain two databases (AD and /etc/passwd) with the
>same usernames & passwords, how do you plan to do this ? If you make
>them all domain members, then you only have one database, AD
>>
>> So let me know what I'm missing or what I have not understood.
>>
>I don't think you really understand the concept behind AD ;-)

Yes, maybe - for us, AD is a bit overkill because what we need is nothing more than NT4 domain functionality; since Win10 needs AD we're forced to use it.

But thanks for your help (so far...), Christian and Rowland.

Andreas

--
Andreas Habel
Petroleum engineering lab Geosciences | Unix network
Faculty of Science and Technology
University of Stavanger
Norway
Phone: +47-51 83 22 93
On 06/06/2019 15:20, Andreas Habel via samba wrote:
>> On 04/06/2019 12:24, Andreas Habel via samba wrote:
>>> Hi,
>>>
>>> we are currently in the process of testing a Samba AD setup and have identified some "challenges" regarding user accounts in /etc/passwd and in AD.
>>>
>>> Let me explain today's situation. Today we use a Linux file server that serves for both Linux and Windows clients and that acts as a NT4 PDC. The client computers are dual boot Linux/Win 7. Under Linux, /etc/passwd, /etc/group and /etc/shadow are rsynced from a central server to all other Linux servers and clients in our network.
>> If you use AD, you will not have to do this, you just make the AD users
>> into Unix users as well.
>>
>>> The home folders for Linux users are mapped nfs shares that physically reside on the Linux file server (that also is our PDC). Windows users map their smb shares from the same server. Under Linux we have an application that relies on that users of this application exist in /etc/passwd. We use the same username/password for both the Windows domain and under Linux.
>> See above
>>
>> What does the application do ?
>>
>>> Now, with the move to Samba AD, I read several places in the wiki and on this list that we can't have the same username in local /etc/passwd and in AD, but I haven't seen an explanation why this might not be a good idea. In our world, we have the same /etc/passwd on all Linux clients and servers, and we have control over user and group IDs so that they would be identical in /etc/passwd and in AD for a given user.
>> You cannot have the same username in AD and /etc/passwd for several
>> reasons, a couple of which are, the first to be found will be used and
>> there is absolutely no reason to do this.
>>> I would therefore like to have
>>> - an AD DC,
>>> - a Linux file server as domain member, but with /etc/passwd that has the same usernames as in AD,
>> ?
>> The above is not going to work
>>> - Windows clients (domain members),
>>> - Linux clients (not domain members, but with identical /etc/passwd like on file server and in AD).
>> That isn't a good idea, because they will not be Unix domain members, so
>> you will have to maintain two databases (AD and /etc/passwd) with the
>> same usernames & passwords, how do you plan to do this ? If you make
>> them all domain members, then you only have one database, AD
>>> So let me know what I'm missing or what I have not understood.
>>>
>> I don't think you really understand the concept behind AD ;-)
> Yes, maybe - for us, AD is a bit overkill because what we need is nothing more than NT4 domain functionality; since Win10 needs AD we're forced to use it.

Believe it or not, AD is easier to set up and maintain than an NT4-style domain, it also has a future, which an NT4-style domain doesn't :)

Rowland
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
Sent: 6 June 2019 17:04
To: samba at lists.samba.org
Subject: Re: [Samba] same username in /etc/passwd and in AD

>Believe it or not, AD is easier to set up and maintain than an NT4-style
>domain, it also has a future, which an NT4-style domain doesn't :)

The latter is certainly true, but I'm not quite sure when it comes to the set up and integration into an existing environment ;-)

Andreas

--
Andreas Habel
Petroleum engineering lab Geosciences | Unix network
Faculty of Science and Technology
University of Stavanger
Norway
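
The point made in the thread that "the first to be found will be used" can be checked before a migration. The following is an added example, not part of any message in the thread: it reads the `passwd:` source order from nsswitch.conf-style text and reports every name defined in more than one source, which source answers first, and whether the UIDs differ. The `files winbind` order, the source name `winbind` and all sample entries are constructed assumptions.

```python
# Constructed sample data (not from the thread).
NSSWITCH = "passwd: files winbind\ngroup: files winbind\n"
LOCAL_PASSWD = (
    "andreas:x:1001:1001:Local Andreas:/home/andreas:/bin/bash\n"
    "labapp:x:1500:1500:Lab application:/srv/labapp:/usr/sbin/nologin\n"
)
# passwd-format entries standing in for what the AD source would answer.
AD_PASSWD = (
    "andreas:*:11001:10513:Andreas (AD):/home/andreas:/bin/bash\n"
    "rowland:*:11002:10513:Rowland (AD):/home/rowland:/bin/bash\n"
)


def passwd_sources(nsswitch_text):
    """Ordered source names on the 'passwd:' line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            # Skip action items such as [NOTFOUND=return].
            return [t for t in line[7:].split() if not t.startswith("[")]
    return []


def parse_passwd(text):
    """Map username -> uid; the first entry for a name wins."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            entries.setdefault(fields[0], int(fields[2]))
    return entries


def find_collisions(nsswitch_text, databases):
    """Names present in more than one source, with the source NSS would use."""
    order = [s for s in passwd_sources(nsswitch_text) if s in databases]
    parsed = {s: parse_passwd(databases[s]) for s in order}
    report = []
    for name in sorted(set().union(*parsed.values())):
        hits = [(s, parsed[s][name]) for s in order if name in parsed[s]]
        if len(hits) > 1:
            report.append({"user": name, "winner": hits[0][0],
                           "shadowed": [s for s, _ in hits[1:]],
                           "uid_mismatch": len({u for _, u in hits}) > 1})
    return report


if __name__ == "__main__":
    print(find_collisions(NSSWITCH, {"files": LOCAL_PASSWD, "winbind": AD_PASSWD}))
```

With the sample data, `andreas` resolves to the local entry and the AD account of the same name is never consulted, so file ownership and logins follow whichever source is listed first.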