Winbind in Samba 4 suite and the template homedir parameter
Andrew Bartlett
abartlet at samba.org
Sun Aug 4 23:08:56 MDT 2013
On Mon, 2013-08-05 at 06:38 +0200, Davor Vusir wrote:
> Hi!
>
> The command "samba-tool testparm -v" returns "template homedir = /home/%WORKGROUP%/%ACCOUNTNAME%" when not set.
>
> Is there other variables that can be used?
>
> It is possible to add one or more uPNSuffixes to Samba 4 AD DC to alter the userPrincipalName. Both on the Forest level (cn=uPNSuffixes,cn=Partitions,...) and on OU-level (cn=uPNSuffixes,ou=example.org,dc=...) But is it possible to return the dns domain part, %UPNSUFFIXES%, in winbind? And use it for domain separated paths to home directories?
>
> For example:
> uPNSuffixes = example.org, example.net
>
> [global]
> template homedir = /home/%UPNSUFFIXES%/%ACCOUNTNAME%
>
> And winbind returns /home/example.org/<username> and /home/example.net/<username> respectivly.
No, it can't do anything other that %WORKGROUP% and %ACCOUNTNAME%. Additionally, I don't see how it could do multiple UPN suffixes, as we can only return one home directory.
A big part of the issue with doing something here is that remarkably,
the winbind in the AD DC is actually not currently hooked up to talk
LDAP, so is quite restricted in what it could base these on. The best
hope is for the not-yet-started project to use the source3/ winbind code
and then the rfc2307 attributes, which you could populate from a
script.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
More information about the samba-technical
mailing list