On 06/12/2018 3:53 a.m., Jose Marques wrote:

>> On 5 Dec 2018, at 17:07, Gilbert E. Detillieux <[log in to unmask]> wrote:

>>

>> I looked up a few tutorials online, all of which focused on configuring NSS and PAM (with dire warnings about how getting this wrong will break your system authentication

> 

> What are you trying to setup? A samba server that uses a domain controller to authenticate clients only, or a client that uses AD for users and groups?



The former.  Specifically, this is an existing Samba server (that's been 

in production use for a long time) that provides file and printer access 

to Windows clients, and authenticates users against a pair of (Windows 

Server based) AD servers.



The relevant lines from the [global] section of the smb.conf file are as 

follows:



         security = domain

         passdb backend = tdbsam

         workgroup = [redacted]

         password server = [redacted]

         client max protocol = SMB3

         server max protocol = SMB3

         winbind use default domain = false

         winbind offline logon = false



What I'm now trying to set up is a working winbindd-based configuration 

to essentially do what smbd used to do directly (communicating with the 

AD server) before they took that functionality away, with as little fuss 

(and opportunity for breakage) as possible.



-- 

Gilbert E. Detillieux		E-mail:	<[log in to unmask]>

Dept. of Computer Science	Web:	https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cs.umanitoba.ca_-7Egedetil_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=cfDTt4SLLQ4SLUDRQfVS275GrKreqsZzb80rBM28NJE&s=-WimFxcL3ViS1frbH0TYXPoOSaWcVevuHHqJPU1aruY&e=

University of Manitoba		Phone:	(204)474-8161

Winnipeg MB CANADA  R3T 2N2	Fax:	(204)474-7609