Samba4: wide links and unix extensions

steve steve at steve-ss.com
Sat Jul 7 11:25:47 MDT 2012


On 07/07/12 14:16, Michael Wood wrote:
> Hi
>
> On 7 July 2012 13:27, Jelmer Vernooij <jelmer at samba.org> wrote:
>> On Fri, Jul 06, 2012 at 07:48:49PM +0200, steve wrote:
>>> On 06/07/12 18:40, Jelmer Vernooij wrote:
>>>> On Fri, Jul 06, 2012 at 06:26:37PM +0200, steve wrote:
>>>>> All my home directories are symlinks from a share to the real data.
>
> Steve, your real problem is as follows, right?
>
> You want to have your actual home directories in different locations
> (e.g. on different disks) and not all in one directory.
>
> i.e. instead of:
>
> /home/user1
> /home/user2
> /home/user3
>
> you want:
>
> /home/staff/user1
> /home/students/year1/1a/user2
> /home/students/year2/2a/user3
>
> etc.
>
> but with winbind (if I understand correctly) you can only have
> /home/${username}, even though AD can store a different path to the
> home directory for each user.
>
> Jelmer, someone on the samba list suggested the symlink approach.
>
> I don't know the answers.  Just trying to clarify a bit.  I hope I
> succeeded and that what I wrote is correct :)

Hi Michael, hi everyone.

Yes, that's exactly what we want. Someone suggested the symlink 
approach, but it simply doesn't work, or is not an option without 
compromising security.

This really is where winbindd falls down. Unless we have distinct:
homeDirectory: \\server\share\user
and:
unixHomeDirectory: /the/real/share/user
we can't use symlinks. For SSO that is.

OK, we can work around it and have homeDirectory map to 
unixHomeDirectory (example of a user who works below).

I realise that S4 is mainly aimed at Windows but gizza chance to use the 
LDAP under Linux too eh? The schema lets us.
Cheers,
Steve

Example of a user:
dn: CN=steve2,CN=Users,DC=hh3,DC=site
cn: steve2
instanceType: 4
whenCreated: 20120629193423.0Z
uSNCreated: 3730
name: steve2
objectGUID: e7651707-05d4-4c16-8341-19c82ce68a06
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3605328179-531901682-1830711284-1107
logonCount: 0
sAMAccountName: steve2
sAMAccountType: 805306368
userPrincipalName: steve2 at hh3.site
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hh3,DC=site
pwdLastSet: 129854720630000000
uidNumber: 3000008
gidNumber: 20513
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
profilePath: \\hh1\profiles\steve2
homeDrive: Z:
memberOf: CN=staff,CN=Users,DC=hh3,DC=site
userAccountControl: 66048
accountExpires: 0
homeDirectory: \\hh1\staff\steve2
unixHomeDirectory: /home2/staff/steve2
whenChanged: 20120707060717.0Z
uSNChanged: 5327
distinguishedName: CN=steve2,CN=Users,DC=hh3,DC=site
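
Added example, not part of Steve's message or of Samba: a check that an entry's homeDirectory and unixHomeDirectory name the same directory and that it resolves inside the share, so no symlink out of the share (and no wide links) is needed. The SHARES mapping and the function names are assumptions; the post does not show the smb.conf share definition.

```python
import os

# The two home attributes from the record above (excerpt of the posted entry).
SAMPLE_LDIF = r"""dn: CN=steve2,CN=Users,DC=hh3,DC=site
sAMAccountName: steve2
homeDirectory: \\hh1\staff\steve2
unixHomeDirectory: /home2/staff/steve2
"""

# Assumption: share name -> exported directory, as an smb.conf [staff] section
# with "path = /home2/staff" would define it. Not stated in the post.
SHARES = {"staff": "/home2/staff"}

def parse_ldif(text):
    """Return {attribute: first value} for one plain LDIF entry
    (no base64 '::' values or folded lines, which this record does not use)."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and not key.startswith("#"):
            entry.setdefault(key, value.strip())
    return entry

def unc_to_unix(unc, shares):
    r"""Map \\server\share\rest to (share root, path on disk); None if share unknown."""
    parts = [p for p in unc.split("\\") if p]
    if len(parts) < 2 or parts[1] not in shares:
        return None
    root = shares[parts[1]]
    return root, os.path.normpath(os.path.join(root, *parts[2:]))

def check_home(entry, shares):
    """Return a list of problems; an empty list means both attributes name the
    same directory and it resolves inside the share (no wide links needed)."""
    mapped = unc_to_unix(entry.get("homeDirectory", ""), shares)
    if mapped is None:
        return ["homeDirectory does not name a known share"]
    root, expected = mapped
    problems = []
    unix_home = entry.get("unixHomeDirectory")
    if unix_home is None or os.path.normpath(unix_home) != expected:
        problems.append(f"unixHomeDirectory {unix_home!r} does not match {expected!r}")
    real_root = os.path.realpath(root)
    real_home = os.path.realpath(expected)  # follows any symlink on the way
    if os.path.commonpath([real_root, real_home]) != real_root:
        problems.append(f"{expected} resolves outside the share to {real_home}")
    return problems

if __name__ == "__main__":
    print(check_home(parse_ldif(SAMPLE_LDIF), SHARES) or "consistent")
```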

