[Samba] Advanced Winbind questions

[Adam Nielsen]

Hi Ansgar,

This won't be the most helpful answer, but perhaps it can give you a
few hints.

> 1. Windows does not differentiate between Capitals and lower case
> letters.
> 
> The Problem is that users can login with different spelling of their
> Username. And on every login with a different spelling Linux creates a
> new Homedirectory.

This *may* be solvable by the answer to question #3.

> 2. The ActiveDirectory contains a lot of groups from different
> Organisation Units in our Company. I want only some of the groups to
> be able to login.
> 
> Is it possible to tell winbind which users are able to login?

This is a tricky one - if used in nsswitch.conf then winbind does
generate /etc/passwd style entries which would tell whether a user can
log on or not.  What happens if you enter these manually
into /etc/passwd (use "getent passwd <username>") but change the
shell?  It may then be possible to allow some users to log in and
everyone else not.

Of course this is probably not the easiest to maintain as you'd have
to add each user manually.  Perhaps there's an option for specifying a
user's shell that you could use a replacement in
(e.g. shell=/bin/bash-%U) which would only allow the user to log in
if that file existed.

> 3. Is there any possibilty to tell winbind or Linux where to store a
> users homedirectory? Where is this Information stored if winbind is
> used?

There's an option that goes into smb.conf for this.  I think the
default has a %U or similar which gets replaced by the username, you
might be able to find a non case sensitive alternative here too (e.g.
UID)

Sorry I couldn't be more helpful!

Cheers,
Adam.