[Samba] samba4 and sssd and user mapping
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Jan 27 08:53:44 MST 2014
On Mon, Jan 27, 2014 at 01:31:05PM -0200, Márcio Merlone wrote:
> Em 27-01-2014 11:43, Björn JACKE escreveu:
> >>Winbind does not provide extended unix attributes (homedir,
> >>shell, etc) as sssd does. Is this kind of rant you are referring
> >>to? If not, you may add this. :)
> >actually yes. Unfortunately I didn't see your previous posts on this list where
> >you false advised the use of sssd instead of winbind before.
> Me? Noooo. I am not in position to advice anything other than
> "replace your windows server for a samba server". I am looking for
> advice, not the other way around.
>
> >It's also not
> >true, that winbind does not provide the unix attributes like shell or homedir
> >to the nsswitch layer. Please read the smb.conf man page and also the wiki
> >carefully. You will find the parameter winbind nss info then.
> Ok. So I read:
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
> and
> http://www.samba.org/samba/docs/man/manpages/smb.conf.5.html
>
> In short: winbind does not provide unix attributes like shell or
> homedir to the nsswitch layer *as defined on their AD database
> attributes*. It provides those as defined on a template, which may
> not satisfy all admins - users don't care about it :)
>
> I believe that the confusion on this thread and advantage of sssd
> over winbind are the lack of "template homedir" and "template shell"
> parameters.
> I'll explain: if you provision your AD DC with rfc2307 attributes
> for some users, they are ignored by winbind - except uid and gid -
> and templates used instead. So, if I have '/home/users/%n' as
> homedir for all users, but only one must have '/home/ftp/ftpuser',
> winbind will see it as '/home/user/ftpuser' and not what's defined
> on AD database.
Have you tried playing with the "winbind nss info"
parameter?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba
mailing list