Hi,

I'm trying to use SFU to set user IDs, shells, etc. but I can't work out
the right magic - it always seems to use default template shell and home
directory (but the UID seems correct).

The global section of my smb4.conf looks like so:

# Global parameters
[global]
log level = all:2
netbios name = GATEWAY2
realm = BEGER.COM.AU
server role = active directory domain controller
workgroup = BEGER
server services = -dns
time server = yes
winbind nss info = sfu
winbind use default domain = yes

root@gateway2:~ # getent passwd testuser
BEGER\testuser:*:123123:20::/home/BEGER/testuser:/bin/false

Whereas the shell should be /bin/sh and the home directory /home/testuser

# record 26
dn: CN=test user,CN=Users,DC=beger,DC=com,DC=au
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test user
...
uidNumber: 123123
loginShell: /bin/sh
unixHomeDirectory: /home/testuser
gidNumber: 0
msSFU30Name: testuser
...

This is FreeBSD 12.1-RELEASE-p7 with Samba 4.11.8 using ZFS.

Thanks

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum

On 30/08/2020 10:12, O'Connor, Daniel via samba wrote:
> Hi,
> I'm trying to use SFU to set user IDs, shells, etc. but I can't work out
> the right magic - it always seems to use default template shell and home
> directory (but the UID seems correct).
>
> The global section of my smb4.conf looks like so:
> # Global parameters
> [global]
> log level = all:2
> netbios name = GATEWAY2
> realm = BEGER.COM.AU
> server role = active directory domain controller
> workgroup = BEGER
> server services = -dns
> time server = yes
> winbind nss info = sfu
> winbind use default domain = yes
>
> root@gateway2:~ # getent passwd testuser
> BEGER\testuser:*:123123:20::/home/BEGER/testuser:/bin/false
>
> Whereas the shell should be /bin/sh and the home directory /home/testuser

No, you would like the shell to be /bin/sh and the home directory
/home/testuser, but you have a big problem, it doesn't work like that on
a DC :-(

Winbind only pulls IDs from AD on a DC, it ignores the shell and home
directories. All DCs are time servers, so don't need that line and the
two winbind lines do nothing on a DC, so you might as well remove them.

Rowland

> On 30 Aug 2020, at 19:01, Rowland penny via samba <samba at lists.samba.org> wrote:
>> root@gateway2:~ # getent passwd testuser
>> BEGER\testuser:*:123123:20::/home/BEGER/testuser:/bin/false
>>
>> Whereas the shell should be /bin/sh and the home directory /home/testuser
>
> No, you would like the shell to be /bin/sh and the home directory
> /home/testuser, but you have a big problem, it doesn't work like that on
> a DC :-(
>
> Winbind only pulls IDs from AD on a DC, it ignores the shell and home
> directories. All DCs are time servers, so don't need that line and the
> two winbind lines do nothing on a DC, so you might as well remove them.

Well I guess that explains why it doesn't work then :)

I can (and currently do) work around it by having entries in
master.passwd that have the correct shell etc.

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
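
The mismatch discussed in this thread, as an added example that is not part of the original messages: a small check that compares one `getent passwd` line against the UID, home directory and login shell attributes of the matching AD record. The function names are hypothetical, and the sample input is copied from the first post.

```shell
#!/bin/sh
# Added example (not from the thread): show which passwd fields returned by
# NSS on the DC match the attributes stored in the AD user record.

# ldif_attr LDIF ATTR -> value of a single-valued attribute in an LDIF record
ldif_attr() {
    printf '%s\n' "$1" | awk -v a="$2" '
        BEGIN { p = a ": " }
        index($0, p) == 1 { print substr($0, length(p) + 1); exit }'
}

# passwd_field LINE N -> colon-separated field N of a getent passwd line
# (7 fields: name:pw:uid:gid:gecos:home:shell)
passwd_field() {
    printf '%s\n' "$1" | awk -F: -v n="$2" '{ print $n }'
}

# compare_nss_ad PASSWD_LINE LDIF
# Prints one line per field: "<field> match|differ nss=<value> ad=<value>"
compare_nss_ad() {
    # Each entry is <label>:<passwd field index>:<AD attribute name>
    for pair in uid:3:uidNumber home:6:unixHomeDirectory shell:7:loginShell; do
        name=${pair%%:*}; rest=${pair#*:}
        idx=${rest%%:*}; attr=${rest#*:}
        nss=$(passwd_field "$1" "$idx")
        ad=$(ldif_attr "$2" "$attr")
        if [ "$nss" = "$ad" ]; then state=match; else state=differ; fi
        printf '%s %s nss=%s ad=%s\n' "$name" "$state" "$nss" "$ad"
    done
}

# Sample input taken from the first post in the thread.
PASSWD_LINE='BEGER\testuser:*:123123:20::/home/BEGER/testuser:/bin/false'
LDIF='dn: CN=test user,CN=Users,DC=beger,DC=com,DC=au
uidNumber: 123123
loginShell: /bin/sh
unixHomeDirectory: /home/testuser
gidNumber: 0'

compare_nss_ad "$PASSWD_LINE" "$LDIF"
```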