Hello! Rowland penny via samba
  On that day it was said...

> OK, but the computers don't need a UID for the machine password to work:

Sure, but it NEEDS it if a deploy system running as SYSTEM user needs access to a non-guest share, where there's some sensitive information, like a private key.

I abuse this message for a clarification:

> > I don't use the 'mkhome' feature of winbind, but a script in [users]
> > share. Anyway, I think that the best solution will be a simple filter
> > in 'mkhome', like explicitly add 'require_membership_of = ' with the
> > SID of 'Domain Users'.

Clearly I don't mean to add 'require_membership_of = <SID>' to winbind conf, because in this way you filter out 'tout court' computers from PAM/NSS, but adding a thing like 'mkhome_require_membership_of = <SID>'.

-- 
dott. Marco Gaiarin                          GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''   http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
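The filter proposed in the message above can also live in the home-creation script itself. The following is an added example, not part of the thread and not Samba code: the script name, HOME_BASE path and the SID value are placeholders/assumptions, and it assumes GNU coreutils plus winbind's wbinfo on the file server.

```shell
#!/bin/sh
# Added example (hypothetical helper), e.g. wired into the [users] share as:
#   root preexec = /usr/local/sbin/mkhome-filter.sh %U
# DOMAIN_USERS_SID is a placeholder: use your own domain SID followed by RID 513.
DOMAIN_USERS_SID="${DOMAIN_USERS_SID:-S-1-5-21-DOMAIN-SID-PLACEHOLDER-513}"
HOME_BASE="${HOME_BASE:-/srv/samba/users}"   # assumed path behind the [users] share

# Pure decision function.
#   $1 = account name, $2 = gid of the required group, $3 = space-separated gids of the account
# Returns 0 only for a non-machine account that is a member of the required group.
should_make_home() {
    case "$1" in
        ''|*'$'|*/*|.*) return 1 ;;   # empty, machine account (trailing $), or unsafe as a path component
    esac
    if [ -z "$2" ]; then return 1; fi
    for gid in $3; do
        if [ "$gid" = "$2" ]; then return 0; fi
    done
    return 1
}

main() {
    # Machine accounts stay resolvable through PAM/NSS and can still connect;
    # they simply never get a home directory. Failed lookups create nothing.
    required_gid=$(wbinfo --sid-to-gid="$DOMAIN_USERS_SID") || return 0
    user_gids=$(id -G -- "$1") || return 0
    if should_make_home "$1" "$required_gid" "$user_gids"; then
        if [ ! -d "$HOME_BASE/$1" ]; then
            install -d -m 0700 -o "$1" "$HOME_BASE/$1"
        fi
    fi
    return 0
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```

Comparing numeric gids resolved from the SID avoids depending on how winbind renders the group name ("domain users" with or without a domain prefix).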
On 03/06/2021 10:43, Marco Gaiarin via samba wrote:
> Hello! Rowland penny via samba
>   On that day it was said...
>
>> OK, but the computers don't need a UID for the machine password to work:
> Sure, but it NEEDS it if a deploy system running as SYSTEM user needs
> access to a non-guest share, where there's some sensitive information,
> like a private key.

So you need to get into a non-guest share:

rowland@devstation:~$ sudo smbclient //rpi400.samdom.example.com/data -P
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Fri Apr 23 10:27:02 2021
  ..                                  D        0  Fri Apr 23 10:27:02 2021

                60742460 blocks of size 1024. 53708528 blocks available

pi@rpi400:~ $ sudo smbstatus

Samba version 4.14.3-Debian
PID     Username     Group             Machine                                    Protocol Version  Encryption  Signing
----------------------------------------------------------------------------------------------------------------------------------------
24735   devstation$  domain computers  192.168.0.49 (ipv4:192.168.0.49:41192)     SMB3_11           -           partial(AES-128-CMAC)

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
data         24735   192.168.0.49  Thu Jun  3 11:04:48 2021 BST     -            -

No locked files

Is that what you require?

Rowland