samba - Jul 2021 - Problem with Samba as Member to AD

On Sun, 2021-07-18 at 11:55 +0200, Mr Typo wrote:
> Yeah reading attributes from ad, like unixHomeDirectory and
> loginShell
> 
> When i understand it right, i can use
>         template homedir = /home/%U
> 
> for default values and setting the unixHomeDirectory and loginShell
> if
> i want another value, correct?
Yes and no :-)

Yes, you can add them to AD, but no they will not be used unless you
use the winbind ad backend, try reading this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

and this:
https://wiki.samba.org/index.php/Idmap_config_ad
> 
> currently i play with the below configuration but i just the the
> template values for every user. Any ideas?
> 
>    [global]
>         workgroup = PFW
>         realm = PFW.LOCAL
>         security = ads
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999
>         idmap config PFW:backend = ad
>         idmap config PFW:schema_mode = rfc2307
>         idmap config PFW:range = 10000-999999
>         idmap config PFW:unix_nss_info = yes
>         template homedir = /home/%U
>         template shell = /bin/bash
> #        idmap config PFW : backend = rid
> #        idmap config PFW : range = 500-19999999
> #        idmap config PFW : rangesize = 1000000
>         winbind use default domain = true
>         winbind enum users = no
>         winbind offline logon = true
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         log level = 3
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
> 
That looks okay.

Rowland

i try that and report back. Thanks :)

On Sun, Jul 18, 2021 at 12:04 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Sun, 2021-07-18 at 11:55 +0200, Mr Typo wrote:
> > Yeah reading attributes from ad, like unixHomeDirectory and
> > loginShell
> >
> > When i understand it right, i can use
> >         template homedir = /home/%U
> >
> > for default values and setting the unixHomeDirectory and loginShell
> > if
> > i want another value, correct?
>
> Yes and no :-)
>
> Yes, you can add them to AD, but no they will not be used unless you
> use the winbind ad backend, try reading this:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and this:
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> >
> > currently i play with the below configuration but i just the the
> > template values for every user. Any ideas?
> >
> >    [global]
> >         workgroup = PFW
> >         realm = PFW.LOCAL
> >         security = ads
> >         idmap config * : backend = tdb
> >         idmap config * : range = 3000-7999
> >         idmap config PFW:backend = ad
> >         idmap config PFW:schema_mode = rfc2307
> >         idmap config PFW:range = 10000-999999
> >         idmap config PFW:unix_nss_info = yes
> >         template homedir = /home/%U
> >         template shell = /bin/bash
> > #        idmap config PFW : backend = rid
> > #        idmap config PFW : range = 500-19999999
> > #        idmap config PFW : rangesize = 1000000
> >         winbind use default domain = true
> >         winbind enum users = no
> >         winbind offline logon = true
> >         log file = /var/log/samba/log.%m
> >         max log size = 50
> >         log level = 3
> >         load printers = no
> >         printing = bsd
> >         printcap name = /dev/null
> >         disable spoolss = yes
> >
>
> That looks okay.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hey Rowland,

thank you for your answers and help. I found another Layer8 problem
and now it is working as expected.

thank you again!

Typo

On Sun, Jul 18, 2021 at 12:04 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Sun, 2021-07-18 at 11:55 +0200, Mr Typo wrote:
> > Yeah reading attributes from ad, like unixHomeDirectory and
> > loginShell
> >
> > When i understand it right, i can use
> >         template homedir = /home/%U
> >
> > for default values and setting the unixHomeDirectory and loginShell
> > if
> > i want another value, correct?
>
> Yes and no :-)
>
> Yes, you can add them to AD, but no they will not be used unless you
> use the winbind ad backend, try reading this:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and this:
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> >
> > currently i play with the below configuration but i just the the
> > template values for every user. Any ideas?
> >
> >    [global]
> >         workgroup = PFW
> >         realm = PFW.LOCAL
> >         security = ads
> >         idmap config * : backend = tdb
> >         idmap config * : range = 3000-7999
> >         idmap config PFW:backend = ad
> >         idmap config PFW:schema_mode = rfc2307
> >         idmap config PFW:range = 10000-999999
> >         idmap config PFW:unix_nss_info = yes
> >         template homedir = /home/%U
> >         template shell = /bin/bash
> > #        idmap config PFW : backend = rid
> > #        idmap config PFW : range = 500-19999999
> > #        idmap config PFW : rangesize = 1000000
> >         winbind use default domain = true
> >         winbind enum users = no
> >         winbind offline logon = true
> >         log file = /var/log/samba/log.%m
> >         max log size = 50
> >         log level = 3
> >         load printers = no
> >         printing = bsd
> >         printcap name = /dev/null
> >         disable spoolss = yes
> >
>
> That looks okay.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba