Winbind in Samba 4 suite and the template homedir parameter

Davor Vusir davor.vusir at live.se
Mon Aug 5 03:00:45 MDT 2013



-----Original Message----- 
From: Andrew Bartlett
Sent: Monday, August 05, 2013 7:08 AM
To: Davor Vusir
Cc: samba-technical at lists.samba.org
Subject: Re: Winbind in Samba 4 suite and the template homedir parameter

On Mon, 2013-08-05 at 06:38 +0200, Davor Vusir wrote:
> Hi!
>
> The command "samba-tool testparm -v" returns "template homedir = 
> /home/%WORKGROUP%/%ACCOUNTNAME%" when not set.
>
> Are there other variables that can be used?
>
> It is possible to add one or more uPNSuffixes to Samba 4 AD DC to alter 
> the userPrincipalName. Both on the Forest level 
> (cn=uPNSuffixes,cn=Partitions,...) and on OU-level 
> (cn=uPNSuffixes,ou=example.org,dc=...) But is it possible to return the 
> dns domain part, %UPNSUFFIXES%, in winbind? And use it for domain 
> separated paths to home directories?
>
> For example:
> uPNSuffixes = example.org, example.net
>
> [global]
> template homedir = /home/%UPNSUFFIXES%/%ACCOUNTNAME%
>
> And winbind returns /home/example.org/<username> and 
> /home/example.net/<username> respectively.

No, it can't do anything other than %WORKGROUP% and %ACCOUNTNAME%. 
Additionally, I don't see how it could do multiple UPN suffixes, as we can 
only return one home directory.

Ok.

There is still only one home directory per user. But different directory 
paths depending on organizational affiliation.
Am I correct if I say that Winbind gets the value for %WORKGROUP% from the 
'workgroup'-parameter in smb.conf? From where does Winbind get the value for 
%ACCOUNTNAME%?

A big part of the issue with doing something here is that remarkably,
the winbind in the AD DC is actually not currently hooked up to talk
LDAP, so is quite restricted in what it could base these on.  The best
hope is for the not-yet-started project to use the source3/ winbind code
and then the rfc2307 attributes, which you could populate from a
script.

I see.
Thank you for the information.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz
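
The kind of script the reply above mentions for populating the rfc2307 attributes could look like the following. This is an added example, not code from the thread or from Samba. It assumes the home directory is stored in the `unixHomeDirectory` attribute and uses the /home/<UPN suffix>/<account> layout from the question; the function names and sample users are hypothetical. Directory values are treated as untrusted input, so anything that could escape /home is rejected.

```python
import base64
import re

# Assumption: a path component is letters, digits, '.', '-', '_' and never starts with '.'.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")

def home_for(upn, account, allowed_suffixes, base="/home"):
    """Return base/<UPN suffix>/<account>; raise ValueError on anything unsafe."""
    local, at, suffix = upn.rpartition("@")
    suffix = suffix.lower()
    if not at or not local:
        raise ValueError(f"not a UPN: {upn!r}")
    if suffix not in allowed_suffixes:
        raise ValueError(f"suffix not in uPNSuffixes: {suffix!r}")
    for part in (suffix, account):
        # Refuse '/', '..' and control characters in either component.
        if not SAFE_COMPONENT.fullmatch(part) or ".." in part:
            raise ValueError(f"unsafe path component: {part!r}")
    return f"{base}/{suffix}/{account}"

def ldif_attr(name, value):
    """One LDIF line; base64 ('::') when the value is not an RFC 2849 SAFE-STRING."""
    safe = (value.isascii() and value == value.strip(" ")
            and not value.startswith((":", "<"))
            and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(users, allowed_suffixes):
    """users: iterable of (dn, sAMAccountName, userPrincipalName) tuples."""
    records, rejected = [], []
    for dn, account, upn in users:
        try:
            home = home_for(upn, account, allowed_suffixes)
        except ValueError as err:
            rejected.append((dn, str(err)))
            continue
        records.append("\n".join([ldif_attr("dn", dn), "changetype: modify",
                                  "replace: unixHomeDirectory",
                                  ldif_attr("unixHomeDirectory", home), "-", ""]))
    return "\n".join(records), rejected

# Constructed sample data, not taken from a real directory.
SAMPLE_USERS = [
    ("CN=alice,OU=example.org,DC=samdom,DC=example,DC=com", "alice", "alice@example.org"),
    ("CN=Åsa,OU=example.net,DC=samdom,DC=example,DC=com", "asa", "asa@EXAMPLE.NET"),
    ("CN=mallory,DC=samdom,DC=example,DC=com", "../../etc", "mallory@example.org"),
    ("CN=carol,DC=samdom,DC=example,DC=com", "carol", "carol@other.test"),
]
```
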



