[Samba] root user in smbldap...how to change home

Craig White craigwhite at azapple.com
Mon Feb 7 23:27:57 GMT 2005


On Mon, 2005-02-07 at 15:53 -0700, John H Terpstra wrote:
> On Monday 07 February 2005 15:42, Craig White wrote:
> > On Mon, 2005-02-07 at 17:20 -0500, David Trask wrote:
> > > Hi,
> > >
> > > I finally have my profiles problem squared away....
> > >
> > > I've done away with the Administrator user in smbldap-tools by running
> > >
> > > smbldap-populate -a root
> > >
> > > instead of just plain
> > >
> > > smbldap-populate
> > >
> > > Thus root is now the samba admin.  BUT....when I run getent passwd my
> > > system shows the home directory as /home/root instead of /root....how can
> > > I change this...or better yet how can I have my cake and eat it too in
> > > the sense that when I set up my Samba/LDAP server that the root user has
> > > the /root directory as home by default?
> >
> > ----
> > you're the one in control and can write whatever value you want to LDAP.
> >
> > probably best to do it outside of your mass populate script
> >
> > Personally, I find it easier for my state of being NOT to have root in
> > LDAP but have Administrator with uid=0
> 
> Craig,
> 
> Please note that a side effect of Administrator with UID=0 as well as root 
> with UID=0 is that login name to UID and login name to SID resolution is no 
> longer unambiguous. This will break winbindd big time in critical situations.
> 
> The best advice is to have just 'root' with UID=0 and use 'root' as the domain 
> administrator account. The new privileges capability can be used to delegate 
> some administrative functions, such as adding machines to the domain, to 
> accounts other than 'root'.
> 
> Please do not recommend what you are doing personally as it will break Samba 
> for some users. I too am guilty of this advice and am struggling to update 
> the documentation to remove this advice and to clarify the importance of 
> unambiguous user name|UID|SIG resolution.
----
1 - if you have root user in both /etc/passwd and DSA, you get errors in
ldap logs. You seem to have seized upon a configuration that is
knowingly imperfect but expedient for samba use. What happens if you
change root's password? which gets changed? who knows...probably depends
upon what client package is used to make the change. I only see
confusion here.

2 - if I don't recommend what I am doing personally, then I would be of
no help to anyone anywhere so I guess I don't understand the admonition.

if the admonition is the advice I am giving goes against the current
state of the How-to 'then' yes, I may be guilty as I am not always aware
of the current state of the How-to and occasionally reference my v2 of
the bound version that I bought at the store

if the admonition is that I am not looking at setup with only the tunnel
vision of making samba happy, yes, I am guilty.

if the admonition is that I don't consider winbindd, yes, I am guilty
because I don't use winbindd anywhere, never have so I am never
cognizant of the implications when using winbindd

Why is everyone so touchy today? Super Bowl hangover? 

;-)

Craig



More information about the samba mailing list