[Samba] Getent Differences on a DC and a Member Server
Felix Matouschek
felix.matouschek at vipco.de
Thu Jul 2 06:18:47 UTC 2015
Hi David,
I experienced this issue as well; it's currently a limitation of Samba 4.2.2.
Samba 4.2.2 DCs do not support pulling home directories and login shells from AD via rfc2307.
I solved this issue with the "template homedir" and "template shell" directives.
You lose some flexibility but at least it works.
Excerpt from my DC smb.conf:
winbind nss info = rfc2307:MYDOMAIN, template
template shell = /bin/bash
template homedir = /home/users/%U
Greetings,
Felix
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of David Minard
Sent: Thursday, July 2, 2015 06:18
To: samba at lists.samba.org
Subject: [Samba] Getent Differences on a DC and a Member Server
G'day All,
I'm running CentOS 7, Samba 4.2.2. (SSSD is NOT running (not even installed on the Member Server))
/etc/nsswitch on both:
passwd: files winbind
group: files winbind
The winbind libs have been sym-linked as described in the tiki. All seems to be working well on both the DC and Member Server.
Both smb.confs have:
idmap config *:backend = tdb
idmap config *:range = 3000000-4000000
idmap config AD:backend = ad
idmap config AD:schema_mode = rfc2307
idmap config AD:range = 600-2999999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
On the DC I've changed winbind to winbindd in the "server services"
line, and winbindd starts up as expected.
Can anyone tell me why I get slightly different answers from 'getent passwd [username]' from a DC and a Member Server?
e.g.: getent passwd fred
DC:
fred:*:4999:1001:Fred Nerks:/home/AD/fred:/bin/false
On a Member Server:
fred:*:4999:1001:Fred Nerks:/home/fred:/bin/tcsh
On the DC the HomeDirectory and Shell Fields are not what I defined for user Fred.
On the Member Server, Homedirectory and Shell are what I defined for user Fred.
Why is there a difference?
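
To check for this kind of mismatch across hosts, the following added example (not part of the original posts) parses `getent passwd` output captured on a DC and a member server and reports per-user field differences. The function names are hypothetical; the `fred` lines are the ones quoted in the thread and `alice` is a constructed entry.

```python
# Added example: diff `getent passwd` output captured on two hosts.
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")


def parse_getent(text):
    """Parse passwd-format lines into {username: {field: value}}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        entries[parts[0]] = dict(zip(FIELDS, parts))
    return entries


def diff_hosts(a_text, b_text, ignore=("passwd",)):
    """Return {username: [(field, value_on_a, value_on_b), ...]} for mismatches.

    A user present on only one host is reported as ("present", on_a, on_b).
    """
    a, b = parse_getent(a_text), parse_getent(b_text)
    report = {}
    for user in sorted(a.keys() | b.keys()):
        if user not in a or user not in b:
            report[user] = [("present", user in a, user in b)]
            continue
        diffs = [(f, a[user][f], b[user][f]) for f in FIELDS
                 if f not in ignore and a[user][f] != b[user][f]]
        if diffs:
            report[user] = diffs
    return report


# The "fred" lines are the ones quoted in the thread; "alice" is constructed.
DC_OUTPUT = """\
fred:*:4999:1001:Fred Nerks:/home/AD/fred:/bin/false
"""
MEMBER_OUTPUT = """\
fred:*:4999:1001:Fred Nerks:/home/fred:/bin/tcsh
alice:*:5000:1001:Alice Example:/home/alice:/bin/bash
"""

if __name__ == "__main__":
    for user, diffs in diff_hosts(DC_OUTPUT, MEMBER_OUTPUT).items():
        for field, dc_val, member_val in diffs:
            print(f"{user}: {field}: DC={dc_val!r} member={member_val!r}")
```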