[Samba] Manage unix users from AD

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jan 28 06:10:11 MST 2014


On Tue, Jan 28, 2014 at 01:54:11PM +0100, Sven Schwedas wrote:
> > Which of each would bring my rfc2307 users with all their attributes
> > defined on SFU, *and only those users*, to my linux system? If I create
> > a user _without_ rfc2307 means I don't want linux to know about him. If I
> > define a user with /bin/false as shell on SFU, bring that to linux.
> > That's it. As an admin, I don't care about idmapping, I already defined
> > an uidNumber (or whatever AD attribute is used to store it) to the user,
> > just use it.
> 
> Then you can safely ignore winbindd, as it doesn't honour shell settings.

If you use "winbind nss info = sfu" it should do it.

> Food for thought: Is offline login (/resilience against domain
> controller outages) needed? nss_ldap afaik does not provide this
> natively, e.g., and needs external caching by pam_ccreds (which makes
> for a more complicated setup).

With "winbind offline logon = yes" it should be possible to
get offline logons working. That's exactly what Jeremy wrote
about in a recent mail.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

