Armstrong, Scott Mr RDECOM CERDEC NVESD
2004-Aug-04  13:13 UTC
[Samba] Configuration Questions
These seem to be outside the scope of the standard documentation so I figured I'd see if I get a response. I've donned my asbestos suit in case virtual flame throwers are deployed... ;)

1. There are two parameters "nis homedir" and "homedir map" that seem locked to NIS although it would be extremely nice if they just worked in conjunction with automount/autofs regardless of the backend used by nsswitch. Does this seem like a reasonable request? Although we do not use NIS, it would be nice if the users' home server did not have to automount the local filesystem in order to export it to the Samba clients.

For example, /etc/passwd lists /home/armstron and the file /etc/auto.home has "armstron\tnimrod:/home01/armstron". Under Unix, the user connects to any server with this map and the home follows him or her. Under Samba this is also the case, but it would be nice to lock the user to his/her home server by specifying his/her home as \\nimrod\homes and using the %p parameter so the home directory exported by Samba would be /home01/armstron as opposed to /home/armstron with the extraneous mount. It looks to me like the code is NIS locked as opposed to being written to automount/autofs though.

2. Can winbind be used in such a way that it cannot dynamically create users and can it be forced to use the MS Services for Unix schema extensions in Active Directory (also available as the MKSADplugins)? In our environment there is a one to one correspondence for users and the uid, gid, gecos, home directory, and shell are always set if the user is permitted to access the Unix hosts. There are Unix accounts that cannot access Windows resources and there are Windows accounts that cannot access Unix resources but we would NEVER want winbind to arbitrarily create accounts of any kind. Can this be done without a lot of convoluted idmap ldap stuff?

3. There were some patches floating around that allowed Samba and the system Kerberos keytab to peacefully coexist. They extended the "net" command to allow keytab creation and the addition of service principals. These functions are indispensable when hosting Kerberos in an Active Directory environment since there's no kadmin support. I've seen bits about it from Rakesh Patel and Dan Perry and was wondering whether there were any plans to incorporate it into the main distribution - maybe with an option to share or not share depending upon the environment?

Thanks,
Scott
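The lookup described in item 1, as an added example that is not part of the original post and is not Samba code: it reads an autofs file map directly and returns the home server and the real export path for a user. The function names are hypothetical, the sample map is constructed (only the armstron entry comes from the post), and only single-location entries of the form `key [-options] host:path` are handled.

```python
# Constructed sample map; the first entry is the one quoted in the post.
SAMPLE_AUTO_HOME = """\
# /etc/auto.home (constructed sample)
armstron\tnimrod:/home01/armstron
jdoe\t-rw,soft\tnimrod:/home02/jdoe
*\tfiler:/export/home/&
"""

def parse_auto_map(text):
    """Parse autofs file-map text into ({key: (host, path)}, wildcard_or_None)."""
    entries, wildcard = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        key, rest = fields[0], fields[1:]
        if rest and rest[0].startswith("-"):  # optional mount options field
            rest = rest[1:]
        if len(rest) != 1 or ":" not in rest[0]:
            continue                          # replicated/malformed: out of scope
        host, path = rest[0].split(":", 1)
        if key == "*":
            wildcard = wildcard or (host, path)
        else:
            entries.setdefault(key, (host, path))  # first matching key wins
    return entries, wildcard

def resolve_home(user, map_text, local_host):
    """Return the user's home server and export path, or None if unresolvable."""
    # Refuse names that could change the path when substituted for '&'.
    if not user or "/" in user or user in (".", ".."):
        return None
    entries, wildcard = parse_auto_map(map_text)
    loc = entries.get(user)
    if loc is None and wildcard is not None:
        loc = (wildcard[0], wildcard[1].replace("&", user))
    if loc is None:
        return None
    host, path = loc
    # is_local tells the caller whether this host can export the path
    # directly, without mounting its own filesystem through autofs.
    return {"server": host, "path": path, "is_local": host == local_host}

if __name__ == "__main__":
    for name in ("armstron", "jdoe", "guest"):
        print(name, resolve_home(name, SAMPLE_AUTO_HOME, "nimrod"))
```
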
