[Samba] root user in smbldap...how to change home
John H Terpstra
jht at samba.org
Mon Feb 7 22:53:57 GMT 2005
On Monday 07 February 2005 15:42, Craig White wrote:
> On Mon, 2005-02-07 at 17:20 -0500, David Trask wrote:
> > Hi,
> > I finally have my profiles problem squared away....
> > I've done away with the Administrator user in smbldap-tools by running
> > smbldap-populate -a root
> > instead of just plain
> > smbldap-populate
> > Thus root is now the samba admin. BUT....when I run getent passwd my
> > system shows the home directory as /home/root instead of /root....how can
> > I change this...or better yet how can I have my cake and eat it too in
> > the sense that when I set up my Samba/LDAP server that the root user has
> > the /root directory as home by default?
> you're the one in control and can write whatever value you want to LDAP.
> probably best to do it outside of your mass populate script
> Personally, I find it easier for my state of being NOT to have root in
> LDAP but have Administrator with uid=0
Please note that a side effect of Administrator with UID=0 as well as root
with UID=0 is that login name to UID and login name to SID resolution is no
longer unambiguous. This will break winbindd big time in critical situations.
The best advice is to have just 'root' with UID=0 and use 'root' as the domain
administrator account. The new privileges capability can be used to delegate
some administrative functions, such as adding machines to the domain, to
accounts other than 'root'.
Please do not recommend what you are doing personally as it will break Samba
for some users. I too am guilty of this advice and am struggling to update
the documentation to remove this advice and to clarify the importance of
unambiguous user name|UID|SIG resolution.
- John T.
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba