Markus Gillmeister
2013-Aug-10 20:23 UTC
[Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?
Hi,

I would like to use the attributes in AD for home directory (homeDirectory) and the login shell (loginShell) for users logging in via ssh to a linux box.

I added the following parameters in the global-Section of /etc/samba/smb.conf:

    winbind nss info = rfc2307
    idmap_ldb:use rfc2307 = yes

Also I set the attributes for a test-user (called tim) with some values.

But when calling "getent passwd" I got the following result:

    ...
    SHADOW\tim:*:3000017:100:Tim Testinger:/home/SHADOW/tim:/bin/false

So it seems that winbind is ignoring AD attributes. Is this a bug or did I misconfigure my samba installation?

Best Regards
Markus
Gémes Géza
2013-Aug-11 04:31 UTC
[Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?
Hi,

> Hi,
>
> I would like to use the attributes in AD for home directory
> (homeDirectory) and the login shell (loginShell) for users logging in via
> ssh to a linux box.

Samba 4.x has (from the point of view of domain membership) two modes:

1. Active Directory domain controller
2. Standalone, domain member or classic (NT4-like) domain controller

In the first case only the samba binary should run, which takes care of the winbind task (mapping user attributes) too. Unfortunately it can't retrieve homedir and shell attributes from the directory.

In the second case a separate winbind instance is/should be running which is able to use those mappings from the directory, so if you are not running an AD DC on the box in question, please send your whole config to be able to help debugging it.

> I added the following parameters in the global-Section of
> /etc/samba/smb.conf:
> winbind nss info = rfc2307
> idmap_ldb:use rfc2307 = yes
>
> Also I set the attributes for a test-user (called tim) with some values.
>
> But when calling "getent passwd" I got the following result:
> ...
> SHADOW\tim:*:3000017:100:Tim Testinger:/home/SHADOW/tim:/bin/false
>
> So it seems that winbind is ignoring AD attributes. Is this a bug or did I
> misconfigure my samba installation?
>
> Best Regards
> Markus
>

Regards

Geza Gemes
steve
2013-Aug-11 09:41 UTC
[Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?
On 10/08/13 22:23, Markus Gillmeister wrote:

> Hi,
>
> I would like to use the attributes in AD for home directory
> (homeDirectory) and the login shell (loginShell) for users logging in via
> ssh to a linux box.
>
> I added the following parameters in the global-Section of
> /etc/samba/smb.conf:
> winbind nss info = rfc2307
> idmap_ldb:use rfc2307 = yes
>
> Also I set the attributes for a test-user (called tim) with some values.
>
> But when calling "getent passwd" I got the following result:
> ...
> SHADOW\tim:*:3000017:100:Tim Testinger:/home/SHADOW/tim:/bin/false
>
> So it seems that winbind is ignoring AD attributes. Is this a bug or did I
> misconfigure my samba installation?
>
> Best Regards
> Markus
>

Hi

On the DC, winbind will only read uidNumber and gidNumber. To be able to use the whole of rfc2307, use sssd or nss-ldapd. If you want to use winbind, you will have to install Samba4 on a separate machine, domainify it and run it as a file server only. I suppose you could then ssh into that instead.

HTH
Steve
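
Added example, not part of the thread or of Samba: a small check that reads "getent passwd" style lines and reports domain accounts that still carry winbind's template values instead of the AD homeDirectory/loginShell attributes. It assumes Samba's default "template homedir" (/home/%D/%U) and "template shell" (/bin/false) and the default backslash separator; the function names and the sample lines other than the one quoted above are constructed.

```python
"""Flag winbind accounts whose home/shell are template fallbacks, not AD values."""

# Assumption: Samba's defaults for "template homedir" and "template shell".
TEMPLATE_HOMEDIR = "/home/%D/%U"
TEMPLATE_SHELL = "/bin/false"


def parse_passwd_line(line):
    """Split one passwd(5) line into a dict, or return None if malformed."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        return None
    name, _pw, uid, gid, gecos, home, shell = fields
    if not (uid.isdigit() and gid.isdigit()):
        return None
    return {"name": name, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


def template_fallbacks(lines, separator="\\"):
    """Return names of DOMAIN<sep>user entries that carry template values.

    An entry is reported when its home directory equals the expanded
    template homedir or its shell equals the template shell, which is what
    winbind returns when it does not read the rfc2307 attributes.
    """
    flagged = []
    for line in lines:
        entry = parse_passwd_line(line)
        if entry is None or separator not in entry["name"]:
            continue  # malformed line or a local (non-domain) account
        domain, user = entry["name"].split(separator, 1)
        expected_home = TEMPLATE_HOMEDIR.replace("%D", domain).replace("%U", user)
        if entry["home"] == expected_home or entry["shell"] == TEMPLATE_SHELL:
            flagged.append(entry["name"])
    return flagged


# Constructed sample: the SHADOW\tim line is the output quoted in the thread;
# the root and SHADOW\ann lines are hypothetical.
SAMPLE = [
    "root:x:0:0:root:/root:/bin/bash",
    "SHADOW\\tim:*:3000017:100:Tim Testinger:/home/SHADOW/tim:/bin/false",
    "SHADOW\\ann:*:10001:10000:Ann Example:/srv/home/ann:/bin/bash",
]

if __name__ == "__main__":
    for name in template_fallbacks(SAMPLE):
        print("template values in use for", name)
```

An account whose loginShell is deliberately set to /bin/false in AD is reported as well, so treat a hit as a prompt to compare against the directory rather than as proof.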