Samba authenticate users against Windows Domain Controller (without /etc/nsswitch.conf)
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I want to setup a samba server that offers shares. The only thing it should do is:
- Authenticate access to the shares against an existing windows domain controller.
The things I want to avoid is:
- Having to add
winbindto/etc/nsswitch.conf - Do not have the AD users on my local systems (
getent passwdshould not show the AD users).
I really only want to have the authentication parsed of to the windows server itself.
Is that possible?
samba authentication samba4
asked Mar 1 '17 at 11:58
cytopia
62
add a comment |Â
up vote
1
down vote
favorite
I want to setup a samba server that offers shares. The only thing it should do is:
- Authenticate access to the shares against an existing windows domain controller.
The things I want to avoid is:
- Having to add
winbindto/etc/nsswitch.conf - Do not have the AD users on my local systems (
getent passwdshould not show the AD users).
I really only want to have the authentication parsed of to the windows server itself.
Is that possible?
samba authentication samba4
asked Mar 1 '17 at 11:58
cytopia
62
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I want to setup a samba server that offers shares. The only thing it should do is:
- Authenticate access to the shares against an existing windows domain controller.
The things I want to avoid is:
- Having to add
winbindto/etc/nsswitch.conf - Do not have the AD users on my local systems (
getent passwdshould not show the AD users).
I really only want to have the authentication parsed of to the windows server itself.
Is that possible?
samba authentication samba4
asked Mar 1 '17 at 11:58
cytopia
62
I want to setup a samba server that offers shares. The only thing it should do is:
- Authenticate access to the shares against an existing windows domain controller.
The things I want to avoid is:
- Having to add
winbindto/etc/nsswitch.conf - Do not have the AD users on my local systems (
getent passwdshould not show the AD users).
I really only want to have the authentication parsed of to the windows server itself.
Is that possible?
samba authentication samba4
samba authentication samba4
asked Mar 1 '17 at 11:58
cytopia
62
asked Mar 1 '17 at 11:58
cytopia
62
asked Mar 1 '17 at 11:58
cytopia
62
asked Mar 1 '17 at 11:58
cytopia
62
asked Mar 1 '17 at 11:58
cytopia
62
62
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
Join the Linux server to the domain using realmd/sssd. It will automatically configure nsswitch, pam and whatever is necessary.
Then restrict the local (ssh) login to deny domain users from logging in to your Linux server.
But if you really don't want getent to show the users, maybe you can use ldap instead of sssd.
edited Sep 27 at 16:58
Goro
6,67752865
answered Sep 27 at 16:37
Reinaldo Gomes
262
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Join the Linux server to the domain using realmd/sssd. It will automatically configure nsswitch, pam and whatever is necessary.
Then restrict the local (ssh) login to deny domain users from logging in to your Linux server.
But if you really don't want getent to show the users, maybe you can use ldap instead of sssd.
edited Sep 27 at 16:58
Goro
6,67752865
answered Sep 27 at 16:37
Reinaldo Gomes
262
add a comment |Â
up vote
0
down vote
Join the Linux server to the domain using realmd/sssd. It will automatically configure nsswitch, pam and whatever is necessary.
Then restrict the local (ssh) login to deny domain users from logging in to your Linux server.
But if you really don't want getent to show the users, maybe you can use ldap instead of sssd.
edited Sep 27 at 16:58
Goro
6,67752865
answered Sep 27 at 16:37
Reinaldo Gomes
262
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Join the Linux server to the domain using realmd/sssd. It will automatically configure nsswitch, pam and whatever is necessary.
Then restrict the local (ssh) login to deny domain users from logging in to your Linux server.
But if you really don't want getent to show the users, maybe you can use ldap instead of sssd.
edited Sep 27 at 16:58
Goro
6,67752865
answered Sep 27 at 16:37
Reinaldo Gomes
262
Join the Linux server to the domain using realmd/sssd. It will automatically configure nsswitch, pam and whatever is necessary.
Then restrict the local (ssh) login to deny domain users from logging in to your Linux server.
But if you really don't want getent to show the users, maybe you can use ldap instead of sssd.
edited Sep 27 at 16:58
Goro
6,67752865
answered Sep 27 at 16:37
Reinaldo Gomes
262
edited Sep 27 at 16:58
Goro
6,67752865
edited Sep 27 at 16:58
Goro
6,67752865
edited Sep 27 at 16:58
Goro
6,67752865
6,67752865
answered Sep 27 at 16:37
Reinaldo Gomes
262
answered Sep 27 at 16:37
Reinaldo Gomes
262
answered Sep 27 at 16:37
Reinaldo Gomes
262
262
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f348373%2fsamba-authenticate-users-against-windows-domain-controller-without-etc-nsswitc%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password