cYuSeDfZfb cYuSeDfZfb
2023-Feb-02 10:10 UTC
[Samba] winbind for nsswitch, without AD membership
Hi,

I am setting up a standalone samba server (with tdbsam) on RHEL9, following the immaculate samba wiki:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

The user creation flow described in the standalone scenario is:

- create a system user (useradd) with password
- create a samba user (smbpasswd) with password

In my previous work, I have always used domain member servers with security = ADS / winbind idmap 'ad' backend / winbind for local linux users.

My question: is it possible to use winbind with autorid & tdbsam (and security = user) to avoid the requirement to generate each user TWICE?

MJ
On 02/02/2023 10:10, cYuSeDfZfb cYuSeDfZfb via samba wrote:
> Hi,
>
> I am setting up a standalone samba server (with tdbsam) on RHEL9,
> following the immaculate samba wiki:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>
> The user creation flow described in the standalone scenario is:
>
> - create a system user (useradd) with password
> - create a samba user (smbpasswd) with password
>
> In my previous work, I have always used domain member servers with
> security = ADS / winbind idmap 'ad' backend / winbind for local linux
> users.
>
> My question: is it possible to use winbind with autorid & tdbsam (and
> security = user) to avoid the requirement to generate each user TWICE?
>
> MJ
>

No, but you could use winbind with autorid (or rid) and the default tdbsam and 'security = ADS', then do not create users on the Samba Unix domain member; that way, you only create the user once, in AD.

If you have AD, then leverage it; if not, script around the user creation.

NOTE: if you use the rid idmap backend, you can also use 'winbind use default domain = yes'.

Rowland
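
For the no-AD case, "script around the user creation" can look like the wrapper below. It is an added example, not part of the original thread or of Samba: it performs the `useradd` and `smbpasswd` steps from the question with one password read from stdin. The `DRY_RUN` switch, the function names, the username pattern and the `-M -s /sbin/nologin` share-only account are assumptions of this example.

```shell
#!/bin/sh
# Added example: create the Unix account and the tdbsam entry in one step.
# Usage (as root):  printf '%s\n' "$pw" | add_samba_user alice
# DRY_RUN=1 is a hypothetical switch of this example: list the steps only.
LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII letters only

valid_username() {
    # Assumed policy: first char a-z or _, then a-z 0-9 _ -, at most 32 chars.
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

add_samba_user() {
    user=$1
    valid_username "$user" || { echo "invalid username" >&2; return 2; }
    # The password arrives on stdin so it never appears in argv or shell history.
    IFS= read -r pass || return 2
    [ -n "$pass" ] || { echo "empty password" >&2; return 2; }

    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Print the steps without the password and without touching the system.
        printf '%s\n' "useradd -M -s /sbin/nologin $user" \
                      "chpasswd" "smbpasswd -s -a $user"
        return 0
    fi

    # Share-only account: no home directory, no login shell (assumption).
    useradd -M -s /sbin/nologin "$user" || return 1

    # chpasswd reads "user:password"; smbpasswd -s reads the password twice
    # from stdin and -a adds the user to the passdb (tdbsam). printf is a
    # shell builtin, so the password is not exposed in the process list.
    if printf '%s:%s\n' "$user" "$pass" | chpasswd &&
       printf '%s\n%s\n' "$pass" "$pass" | smbpasswd -s -a "$user"; then
        return 0
    fi

    # Roll back so the system and Samba user databases do not drift apart.
    userdel "$user"
    return 1
}
```
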