
We successfully got Samba up and running with Winbind on our openLeap 15.4. The Linux server is a member of the Windows domain. Due to a user with an identical name in AD as well as locally on the Linux server, we have the following problem: how can we make sure that the "local user" (with the same name in AD) is accessed via ssh and the "AD user" via smb?

Thanks for any help,
Stefan

1 Answer


I don't know the specifics about Winbind, but in Windows you can prefix the username with the domain name or the machine name to distinguish between a domain and a local user:

DOMAINNAME\username
HOSTNAME\username

The latter can also be specified as .\username, which generically means "this is a local user" and avoids the requirement to actually know the machine name.

Massimo
  • Hi Massimo, I've thought about that, too: "user" (local) or "user@ad-domain.com" (AD). But if I connect to "user" via ssh, the mapping of "AD user" is done automatically, probably by winbind. Somehow you must be able to control this via the "domain suffix"; the question is only at which place you do that. – parcival39 Jun 20 '23 at 11:46
  • This sounds like normal Windows pass-through authentication. If there is a local account on a Windows notebook, and it is used to log on and attempt to access a share on a domain-joined server, the workstation will send the username and password and authenticate with NTLM. If an equivalent AD user with the same password exists, it authenticates. – Greg Askew Jun 20 '23 at 16:09