[Samba] smb.conf for around 2500 users

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Jul 3 02:18:33 MDT 2012

On Mon, 2012-07-02 at 18:20 +0200, steve wrote:


> I think I must be missing something here because as far as I can see, 
> winbindd puts all users into the directory specified in template 
> homedir. [homes] then picks out the user from there.

Yes, you are; stop using template homedir and configure winbind correctly.

> At the moment we are using nss-pam-ldapd to grab the unixHomeDirectory 
> from AD. How do I get winbindd or nss to map unixHomeDirectory to 
> something I can then map to a windows drive letter?

All depends on which version of Samba you are using, but for the Samba3x
packages in RHEL5.8 and samba packages in RHEL6 the following works:

# deal with NSS and the whole UID/SID id mapping stuff
	idmap backend = tdb
	idmap uid = 2000000 - 2999999
	idmap gid = 2000000 - 2999999
	idmap config MYDOMAIN : backend = nss
	idmap config MYDOMAIN : readonly = yes
	idmap config MYDOMAIN : range = 500 - 1999999
	idmap cache time = 604800
	idmap negative cache time = 20
	winbind cache time = 600
	winbind nss info = rfc2307
	winbind expand groups = 2
	winbind nested groups = yes
	winbind use default domain = yes
	winbind enum users = yes
	winbind enum groups = yes
	winbind refresh tickets = yes
	winbind offline logon = false

You need to edit /etc/nsswitch of course. This is the "samba" way of
doing things.

As to suggestions to use autofs on 2500 users, my advice is don't. Works
well at ~50 users but gets flaky at a couple hundred users with random
things not working 100% of the time that will take you forever to track
down to autofs if you do.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
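
Added example, not part of the original post and not Samba's own code: a small check that the default allocation range (idmap uid/gid) and each per-domain "idmap config ... : range" in a configuration like the one above stay disjoint, since an overlap can give two different accounts the same Unix ID. The function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the idmap range lines from the post, placed under [global].
SAMPLE_CONF = """
[global]
	idmap backend = tdb
	idmap uid = 2000000 - 2999999
	idmap gid = 2000000 - 2999999
	idmap config MYDOMAIN : backend = nss
	idmap config MYDOMAIN : range = 500 - 1999999
"""

# Matches "idmap uid|gid = lo - hi" and "idmap config DOM : range = lo - hi".
RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:(uid|gid)|config\s+([^\s:]+)\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.IGNORECASE)

def parse_idmap_ranges(conf_text):
    """Return {label: (low, high)} for default uid/gid and per-domain ranges."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # smb.conf comment lines
            continue
        m = RANGE_RE.match(line)
        if not m:
            continue
        kind, domain, low, high = m[1], m[2], int(m[3]), int(m[4])
        if low > high:
            raise ValueError("inverted range: " + line.strip())
        label = "default " + kind.lower() if kind else "domain " + domain
        ranges[label] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Return sorted label pairs whose ID ranges intersect.

    UIDs and GIDs are separate namespaces, so the default uid and gid
    ranges may coincide; a domain range is checked against both.
    """
    labels = sorted(ranges)
    clashes = []
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            if {a, b} == {"default uid", "default gid"}:
                continue
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:          # closed intervals intersect
                clashes.append((a, b))
    return clashes

if __name__ == "__main__":
    print(find_overlaps(parse_idmap_ranges(SAMPLE_CONF)) or "no overlapping idmap ranges")
```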
