[Samba] Several questions about winbind[d]
mathias dufresne
infractory at gmail.com
Tue Jun 30 04:17:22 MDT 2015
@Andrew: I expect these lines came from RDP issue workaround which should
be happening with previous Samba version. I removed all these lines as now,
with 4.2.2 Samba version RDP and RSAT are working well without them.
I removed also each and every idmap lines, commented most of winbind lines
too and now my smb.conf is:
------------------------------------------------------------
[global]
workgroup = AD.DOMAIN
realm = ad.domain.tld
netbios name = DC01
server role = active directory domain controller
dns forwarder = 10.0.0.240
wins support = yes
winbind nss info = rfc2307
[netlogon]
path = /var/lib/samba/sysvol/ad.domain.tld/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
------------------------------------------------------------
There is still something I don't understand:
"wbinfo -i some.user" does not show configured homeDirectory nor loginShell
nor for gidNumber
For loginShell it displays "/bin/false" rather than configured "/bin/bash"
For homeDirectory it displays "/home/AD.DOMAIN/some.user" rather configured
"/home/some.user"
For gidNumber it displays "100" rather than content of "gidNumber".
SSSD can easily be configured on non-DC to replace winbind and it gives
possibility to configure which LDB attributes are retrieved.
On DC I'm still facing incompatibility between Sernet's Samba and SSSD
package (on Centos 6 & 7 and Debian 8) so initially I planned to use
winbind in nsswitch.conf and pam.d/* on DC to be able to check ACLs on
sysvol folder but the fact using winbind all users have "Domain users" as
primary group seems to me an issue to agree with that solution...
As far I understand wbinfo fill user's primary group according to
"primaryGroup" value.
Is there a way to configure winbind to fill user's primary group using
"gidNumber" rather than "primaryGroup"?
Cheers,
mathias
2015-06-29 11:18 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
> On Thu, 2015-06-25 at 16:27 +0200, mathias dufresne wrote:
> > Hi all,
> >
> > I'm wondering about winbind[d] behaviour.
> > I tried the following with:
> > auth methods = sam winbindd
> > and the same with only one d:
> > auth methods = sam winbind
>
> Please never set these manually.
>
> There are almost no situations where these need to be manually managed,
> the defaults based on the server role will behave correctly and as
> expected.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
More information about the samba
mailing list