Rowland Penny
2022-Mar-21 17:38 UTC
[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
On Mon, 2022-03-21 at 13:17 -0400, Gaiseric Vandal via samba wrote:
> LDAP is used for user and group lookups at the Unix/Linux level. This
> includes nfs and ssh. The authentication itself is typically
> kerberos. Presumably if nsswitch.conf pointed to winbind but not ldap
> everything would continue to work.

Got to ask this, why are you using ldap for Unix user & group lookups? I presume that the ldap lookups are searching for RFC2307 attributes; if so, ldap is a bit redundant, your 'ad' backend will use the same IDs.

While there are numerous superfluous lines in your smb.conf, it is basically sound.

Rowland
Gaiseric Vandal
2022-Mar-21 19:08 UTC
[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
On 3/21/22 13:38, Rowland Penny via samba wrote:
> On Mon, 2022-03-21 at 13:17 -0400, Gaiseric Vandal via samba wrote:
>> LDAP is used for user and group lookups at the Unix/Linux level. This
>> includes nfs and ssh. The authentication itself is typically
>> kerberos. Presumably if nsswitch.conf pointed to winbind but not ldap
>> everything would continue to work.
> Got to ask this, why are you using ldap for Unix user & group lookups?
> I presume that the ldap lookups are searching for RFC2307 attributes;
> if so, ldap is a bit redundant, your 'ad' backend will use the same IDs.
>
> While there are numerous superfluous lines in your smb.conf, it is
> basically sound.
>
> Rowland

A lot of the engineering/scientific software we use runs on Linux. A lot of the software development we do is also on Linux, so the focus of services on Solaris machines was to support Linux clients first, and Windows clients 2nd. I am fairly confident that if I configure /etc/nsswitch.conf to use winbind (not ldap) for network users and groups that ssh login would still work, but I don't know about NFS (which is dependent on kerberos security).