[Samba] winbind: uid range is ignored
steve
steve at steve-ss.com
Tue Aug 7 09:24:21 MDT 2012
On 07/08/12 16:15, Jonathan Buzzard wrote:
> On 07/08/12 15:10, steve wrote:
>> On 04/08/12 22:06, NdK wrote:
>>> Il 04/08/2012 21:13, steve ha scritto:
>>>
>>
>>> Uh? "wide links" seems a bad idea to me... At least from a security
>>> perspective.
>>> Why a single home directory? We have a single NFS share containing
>>> folders for the two domains and inside those a folder for each home.
>>> We are trying to migrate away from that, preferring a '[homes]' share
>>> where users will place the data they want to have available on every PC.
>>> This way even Firefox should work...
>>>
>> Hi Diego
>> We have home directories like:
>> home2/staff
>> home2/students/7a
>> home2/students/7b
>>
>> Winbind allows only one template homedir and all user home folders must
>> reside there (or tell me otherwise).
>>
>> The only way we can have what we want is:
>> 1. use nss-ldapd and store the true uinixHomeDirectory in AD
>> 2. winbind. We have a symlink in template homedir to the real data. For
>> that we need wide links.
>>
>
> 3. Use winbind to store the true unixHomeDirectory in AD.
>
Hi
If I store unixHomeDirectory in AD, winbind seems to ignore it. As far
as it's concerned, all home directories have to be in template homedir.
How would I use winbind to store it? This is why we tend toward 1.
nss-ldapd pulls all of rfc2307 from AD. winbind seems to recognise only
uidNumber and gidNumber. It doesn't sem to give you any control over
login shell and unixHomeDirectory. Everyone has the same shell and homedir.
Cheers,
Steve
More information about the samba
mailing list