[Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?

steve steve at steve-ss.com
Sun Aug 11 03:41:59 MDT 2013

On 10/08/13 22:23, Markus Gillmeister wrote:
> Hi,
> I would like to use the attributes in AD for home directory
> (homeDirectory) and the login shell (loginShell) for users logging in via
> ssh to a Linux box.
> I added the following parameters in the global-Section of
> /etc/samba/smb.conf:
>     winbind nss info = rfc2307
>     idmap_ldb:use rfc2307 = yes
> Also I set the attributes for a test-user (called tim) with some values.
> But when calling "getent passwd" I got the following result:
> ...
> SHADOW\tim:*:3000017:100:Tim Testinger:/home/SHADOW/tim:/bin/false
> So it seems that winbind is ignoring AD attributes. Is this a bug or did I
> misconfigure my samba installation?
> Best Regards
> Markus

On the DC, winbind will only read uidNumber and gidNumber. To be able to 
use the whole of rfc2307, use sssd or nss-ldapd.

If you want to use winbind, you will have to install Samba4 on a 
separate machine, domainify it and run it as a file server only. I 
suppose you could then ssh into that instead.
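
Added example, not part of the original thread: the home directory and shell in the quoted `getent passwd` line are exactly what Samba's default `template homedir = /home/%D/%U` and `template shell = /bin/false` expand to. The sketch below flags such entries; it assumes those defaults are unchanged and `\` is the winbind separator, and the function name and the second sample user are constructed for illustration.

```shell
#!/usr/bin/env bash
# Flag passwd entries whose home directory and shell equal winbind's template
# expansion instead of per-user directory attributes.
# Assumptions: "template homedir = /home/%D/%U", "template shell = /bin/false"
# (the smb.conf defaults) and "\" as the winbind separator.

# Constructed sample in "getent passwd" format. Line 1 is the entry quoted in
# the post; line 2 is a made-up user whose rfc2307 values were applied.
SAMPLE='SHADOW\tim:*:3000017:100:Tim Testinger:/home/SHADOW/tim:/bin/false
SHADOW\ana:*:10001:10000:Ana Example:/srv/home/ana:/bin/bash'

# classify_passwd: read passwd lines on stdin, print "<name> <verdict>".
#   template  - home and shell both match the template expansion
#   mixed     - only one of the two matches
#   directory - neither matches, so values came from somewhere else
#   local     - no DOMAIN\ prefix, not a winbind domain account
# A user whose directory entry really is /bin/false shows up as mixed or
# template, so treat the verdict as a hint to inspect, not as proof.
classify_passwd() {
  awk -F: '
    {
      n = index($1, "\\")
      if (n == 0) { print $1, "local"; next }
      dom  = substr($1, 1, n - 1)
      user = substr($1, n + 1)
      home_tpl  = ($6 == "/home/" dom "/" user)
      shell_tpl = ($7 == "/bin/false")
      if (home_tpl && shell_tpl)      v = "template"
      else if (home_tpl || shell_tpl) v = "mixed"
      else                            v = "directory"
      print $1, v
    }'
}

# Against a live system: getent passwd | classify_passwd
printf '%s\n' "$SAMPLE" | classify_passwd
```

Run on the DC and again on a member server or an sssd/nss-ldapd client, the verdict for the same user shows which resolver is actually honouring the directory attributes.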
