Rowland Penny via samba wrote:
> On 14/02/2021 20:34, Robert Steinmetz AIA wrote:
>>
>> I also have a couple of loose ends, samba-ad-dc is not starting on
>> boot and /etc/resolv.conf is being overwritten, even though I
>> disabled systemd-resolved. I think those are systemd issues - I'll
>> figure them out.
I got samba to start up; it simply needed to be enabled with systemd.
Ubuntu provides a service file.
The /etc/resolv.conf is still getting overwritten.
>
> Let's start with a couple of Linux commands:
>
> rowland@devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> rowland@devstation:~$ grep 'rowland' /etc/passwd
> rowland@devstation:~$
In my case I've added a user 'debbie'
# wbinfo -u
NO.STEINMETZNET\administrator
NO.STEINMETZNET\guest
NO.STEINMETZNET\krbtgt
NO.STEINMETZNET\debbie
I created the user using samba-tool and supplied all of the Linux
options for /etc/passwd
# getent passwd 'debbie'
#
# grep 'debbie' /etc/passwd
#
# samba-tool user show debbie
dn: CN=debbie,CN=Users,DC=no,DC=steinmetznet,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: debbie
instanceType: 4
whenCreated: 20210214210450.0Z
whenChanged: 20210214210450.0Z
uSNCreated: 4077
name: debbie
objectGUID: 579819ff-3d53-4af6-bcfa-ffce4cb55968
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: /home/debbie
homeDrive: U
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-1775027329-1415986002-557698206-1103
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: debbie
sAMAccountType: 805306368
userPrincipalName: debbie@no.steinmetznet.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=no,DC=steinmetznet,DC=com
uid: debbie
uidNumber: 1001
gidNumber: 1001
loginShell: /bin/bash
unixHomeDirectory: /home/debbie
pwdLastSet: 132578102905967880
userAccountControl: 512
uSNChanged: 4080
distinguishedName: CN=debbie,CN=Users,DC=no,DC=steinmetznet,DC=com
> If you use the 'ad' backend on Unix domain members, then you can use
> the uidNumber and gidNumber attributes from AD along with the other
> rfc2307 attributes,
That's what I think I did with samba-tool.
> you can also opt to set the Unix home directories & login shell in the
> smb.conf (note: this is the only way to these? on an AD DC or using
> any other winbind backend.
I don't understand what you're saying here. Particularly the part after
the paren.
> Try reading:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> man idmap_ad
>
> man idmap_rid
>
>>
>> We have in the past used the /homes share to connect users to their
>> Linux home directory.
> You can still use the 'homes' share, though you will probably need a
> 'root preexec' script to create the user's directory as they connect (I
> can help you with this), note that you shouldn't confuse a user's Unix
> share with the user's Windows home directory.
In our current setup each user has a Windows profile and a Unix home
directory which is mounted as a /homes share to a drive letter. That is
used to store user-specific information and things like the user's
profile for email clients and other user-specific information. I'm not
clear on what a Windows Home directory is. That is something I think I
can leave till later.
>
>> Or should I add them to AD using samba-tool and provide the info from
>> /etc/passwd then delete the user from the passwd file.
>
> In order: yes, probably no and yes. Unless there is a really good
> reason to use IDs in the 1000 plus range (I cannot think of one, but
> who knows)
The only difference I can see from samba-tool and /etc/passwd is the
uid. Did I miss something? Is the reason to use a different range simply
to avoid conflicts?
Also, is it necessary to modify nsswitch.conf to include winbind?
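
Added example (not part of the original message or of Samba): a small check for the two conditions raised above, namely whether nsswitch.conf lists winbind for the passwd and group databases, which getent needs before it can return a domain user, and whether an AD user's uidNumber is already taken by a local /etc/passwd account. The helper names and the sample passwd and nsswitch.conf contents are assumptions constructed for illustration.

```python
# Added example. The three sample inputs are constructed; only the debbie
# attribute values are copied from the samba-tool output in the message.
SAMPLE_AD_USER = "sAMAccountName: debbie\nuidNumber: 1001\ngidNumber: 1001\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "scanner:x:1001:1001:Scanner:/home/scanner:/usr/sbin/nologin\n"
)
SAMPLE_NSSWITCH = "passwd: files systemd\ngroup: files systemd winbind\n"

def parse_attrs(text):
    """Parse 'name: value' lines as printed by 'samba-tool user show'."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def nss_sources(nsswitch_text, database):
    """Return the lookup sources configured for one nsswitch database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith(database + ":"):
            words = line.split(":", 1)[1].split()
            return [w for w in words if not w.startswith("[")]  # skip [NOTFOUND=...]
    return []

def check_user(ad_text, passwd_text, nsswitch_text):
    """List findings that explain an empty getent result or a uid clash."""
    findings = []
    ad = parse_attrs(ad_text)
    for db in ("passwd", "group"):
        if "winbind" not in nss_sources(nsswitch_text, db):
            findings.append(f"nsswitch: '{db}' has no winbind source")
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[2] == ad.get("uidNumber"):
            findings.append(f"uid {fields[2]} of AD user {ad['sAMAccountName']} "
                            f"is already local user {fields[0]}")
    return findings

if __name__ == "__main__":
    for finding in check_user(SAMPLE_AD_USER, SAMPLE_PASSWD, SAMPLE_NSSWITCH):
        print(finding)
```

To run it against a real host, pass the text of `samba-tool user show <name>`, /etc/passwd and /etc/nsswitch.conf to check_user() in place of the samples.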