Stefan G. Weichinger
2017-Jan-01 16:50 UTC
[Samba] ADS domain member: winbind fails [SOLVED]
Am 2017-01-01 um 17:32 schrieb Rowland Penny via samba:> If you have a user called 'root', then it is easy, remove it, 'root' > shouldn't exist in AD, it is a Unix only user and you need to map > Administrator to 'root' in the user.mapremoved from AD now. the user.map was there already, as mentioned.> The only thing is, do any of your users need to actually login into the > domain member ?not really> If so, this is where using the 'ad' backend comes into its own, you > just need to add 'loginshell' and 'unixHomeDirectory' attributes > to the required users i.e. > > loginshell: /bin/bash > unixHomeDirectory: /home/sgwboth attributes are there already, but in getent I get /bin/false # getent passwd sgw sgw:*:10000:10513::/home/ARBEITSGRUPPE/sgw:/bin/false that is optional, but nice to know, sure!
Stefan G. Weichinger
2017-Jan-01 17:46 UTC
[Samba] ADS domain member: winbind fails [SOLVED]
Am 2017-01-01 um 17:50 schrieb Stefan G. Weichinger via samba:> both attributes are there already, but in getent I get /bin/false > > # getent passwd sgw > sgw:*:10000:10513::/home/ARBEITSGRUPPE/sgw:/bin/false > > that is optional, but nice to know, sure!added winbind nss info = rfc2307 on the member server. Looks better now.
On Sun, 1 Jan 2017 18:46:10 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-01-01 um 17:50 schrieb Stefan G. Weichinger via samba: > > > both attributes are there already, but in getent I get /bin/false > > > > # getent passwd sgw > > sgw:*:10000:10513::/home/ARBEITSGRUPPE/sgw:/bin/false > > > > that is optional, but nice to know, sure! > > added > > winbind nss info = rfc2307 > > on the member server. Looks better now. >ah, yes, without that you were using 'winbind nss info = template' and that doesn't get the loginshell and unixhomedirectory attributes. Rowland