[Samba] Restricting access to [homes]

steve steve at steve-ss.com
Thu May 24 04:22:24 MDT 2012

On 05/23/2012 09:39 PM, NdK wrote:
> On 23/05/2012 15:30, steve wrote:
>> If the gidNumber for the gid is stored in AD (as the 2008 and samba4
>> schema allow) then there can be no clash. It is then no problem in
>> extracting it and applying it using normal /etc/nsswitch.conf format.
> The AD schema is still 2003. And who manages it thinks the world is
> Win-only :( It's easier to talk a mountain into moving itself than
> making 'em change a single bit in the schema...
> [...]

Hi Diego

I think the schema we use (Samba4) is m$ supplied. Our devs fought to
get it out of them a few months ago. It is 2008 and/or 2008r2. It 
certainly has all the rfc2307 stuff that Linux needs out of the box. It 
has objectClasses posixGroup and posixAccount and all the attributes 
that go with them.

We tried winbind, but the mappings uid:gid just don't work for us. It 
seems a pity to have this all available in the schema but still 
recommend external winbind mappings. But we are very novice in all this.
