So I have idmap:rid working. The problem is I can set only the same shell for all users. I was trying to find a way to store the shell in AD. I have found a couple references to ||RFC2307. Can this be used with AD and if so is there a good article on it somewhere? (I looked through the samba docs but didn't find anythings yet perhaps I am just blind) Thanks for any help. Mark -- Mark Campbell Systems Analyst Digital Library Technologies The Pennsylvania State University mcc171@psu.edu, 814-865-4774
Mark Campbell wrote:> So I have idmap:rid working. The problem is I can set only the same > shell for all users. I was trying to find a way to store the shell in > AD. I have found a couple references to ||RFC2307. Can this be used > with AD and if so is there a good article on it somewhere? (I looked > through the samba docs but didn't find anythings yet perhaps I am just > blind)short form: - do an upgrade to Windows Server 2003 R2 on the DCs - set POSIX IDs in AD for all users und groups which you want to use with samba - compile samba with kerberos support - net ads join smb.conf: security = ADS realm = YOUR.DOMAIN idmap backend = ad winbind nss info = rfc2307 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind /etc/krb5.conf: [libdefaults] default_realm = YOUR.DOMAIN [realms] YOUR.DOMAIN = { kdc = xxx.xxx.xxx.xxx kdc = yyy.yyy.yyy.yyy }
I am using AD 2003 Standard Edition. I installed Microsoft Services for Unix and specified "winbind nss info = sfu" to achieve different home directories and different shells for users. --Sadique Mark Campbell wrote:> So I have idmap:rid working. The problem is I can set only the same > shell for all users. I was trying to find a way to store the shell in > AD. I have found a couple references to ||RFC2307. Can this be used > with AD and if so is there a good article on it somewhere? (I looked > through the samba docs but didn't find anythings yet perhaps I am just > blind) > Thanks for any help. > > Mark >