Stefan G. Weichinger
2017-Jul-11 11:46 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
On 2017-07-11 at 13:37, Stefan G. Weichinger wrote:
>> Having everything in AD, gives you the possibility of using different
>> Unix home dirs etc per person.
>
> Not needed. I am the only UNIX user there.
>
> I only need separate [home] dirs for a group of users:
>
> some customers of my customer come by to do some work with a specific
> software and I want to connect them to a specific user-folder on the
> server, using the [homes] mechanism.
>
> ? Would that be impossible then ?

I think I have it:

template homedir = /home/%U

works for me in this context, right?
On Tue, 11 Jul 2017 13:46:53 +0200 "Stefan G. Weichinger" <lists at xunil.at> wrote:
> On 2017-07-11 at 13:37, Stefan G. Weichinger wrote:
>
> >> Having everything in AD, gives you the possibility of using
> >> different Unix home dirs etc per person.
> >
> > Not needed. I am the only UNIX user there.
> >
> > I only need separate [home] dirs for a group of users:
> >
> > some customers of my customer come by to do some work with a
> > specific software and I want to connect them to a specific
> > user-folder on the server, using the [homes] mechanism.
> >
> > ? Would that be impossible then ?
>
> I think I have it:
>
> template homedir = /home/%U
>
> works for me in this context, right?
>

That should work.

Rowland
Stefan G. Weichinger
2017-Jul-11 12:19 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
On 2017-07-11 at 14:00, Rowland Penny wrote:
>> template homedir = /home/%U
>>
>> works for me in this context, right?
>
> That should work.

Edited accordingly, and rm-ed that idmap schema line on DM.

I now have on the DM:

[global]
    workgroup = BUERO
    realm = secret.AT
    netbios name = SERVER
    security = ADS
    map to guest = Bad User
    username map = /etc/samba/smbusers
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = yes
    winbind trusted domains only = no
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    # Use settings from AD for login shell and home directory
    winbind nss info = template
    template shell = /usr/sbin/nologin
    template homedir = /mnt/samba/Daten/%U
    map untrusted to domain = Yes
    # Default idmap config used for BUILTIN and local accounts/groups
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    # idmap config for domain BUERO
    idmap config BUERO:backend = rid
    idmap config BUERO:range = 10000-99999
    load printers = no
    printing = bsd
    printcap name = /dev/null
    # turn off roaming profiles
    logon path = ""
    logon home = ""
    #hosts allow = localhost 192.168.16. 172.32.99.
    log level = 3

----

Restarted winbind, did "killall -HUP" on smbd and nmbd.

Still can't log in to DM via smbclient and that mentioned user.

I assume I need to restart all the smbd daemons ... ?