On 06/12/2018 3:53 a.m., Jose Marques wrote:
>> On 5 Dec 2018, at 17:07, Gilbert E. Detillieux <[log in to unmask]> wrote:
>>
>> I looked up a few tutorials online, all of which focused on configuring NSS and PAM (with dire warnings about how getting this wrong will break your system authentication
>
> What are you trying to setup? A samba server that uses a domain controller to authenticate clients only, or a client that uses AD for users and groups?
The former. Specifically, this is an existing Samba server (that's been
in production use for a long time) that provides file and printer access
to Windows clients, and authenticates users against a pair of (Windows
Server based) AD servers.
The relevant lines from the [global] section of the smb.conf file are as
follows:
security = domain
passdb backend = tdbsam
workgroup = [redacted]
password server = [redacted]
client max protocol = SMB3
server max protocol = SMB3
winbind use default domain = false
winbind offline logon = false
What I'm now trying to set up is a working winbindd-based configuration
to essentially do what smbd used to do directly (communicating with the
AD server) before they took that functionality away, with as little fuss
(and opportunity for breakage) as possible.
--
Gilbert E. Detillieux E-mail: <[log in to unmask]>
Dept. of Computer Science Web: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cs.umanitoba.ca_-7Egedetil_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=cfDTt4SLLQ4SLUDRQfVS275GrKreqsZzb80rBM28NJE&s=-WimFxcL3ViS1frbH0TYXPoOSaWcVevuHHqJPU1aruY&e=
University of Manitoba Phone: (204)474-8161
Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609