Winbind and AD: Local users with identical AD usernames

parcival39

6/20/24, 10:51 AM

we successfully got Samba up and running with Winbind on our openLeap 15.4. The Linux server is a member of the Windows domain. Due to a user with identical name in AD as well as locally on the Linux server, we have the following problem. How can we make sure, that the "local user" (with the same name in ad) is accessed via ssh and the "ad user" via smb ?

Thanks for any help Stefan

1 + 0

networking

active-directory

linux-networking

winbind

Score:1

Server

Massimo

6/20/24, 11:39 AM

I don't know the specifics about Winbind, but in Windows you can prefix the username with the domain name or the machine name to distinguish between a domain and a local user:

DOMAINNAME\username
HOSTNAME\username

The latter can also be specified as .\username, which generically means "this is a local user" and avoids the requirement to actually know the machine name.

+ 2

parcival39

6/20/24, 11:46 AM

Hi Massimo, I've thought about that, too, "user" (local) or "[email protected]" (ad). but if i connect to "user" via ssh, the mapping of "ad user" is done automatically, probably by winbind. Somehow you must be able to control this via the "domain suffix", the question is only at which place you do that.

Greg Askew

6/20/24, 4:09 PM

This sounds like normal Windows pass through authentication. If there is a local account on a Windows notebook and it is used to logon with it, and attempt to access a share on a domain-joined server, the workstation will send the username and password and authenticate with NTLM. If an equivalent AD user with the same password exists, it authenticates.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Winbind and AD: Local users with identical AD usernames

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.