[Samba] Override Linux homedir given by AD
Simon
simon at calmblue.net
Thu Oct 31 03:40:18 MDT 2013
On 2013-10-30 23:39, trentbuck at gmail.com wrote:
> Simon <simon at calmblue.net> writes:
>
>> I have successfully joined a Debian 7 box to a 2008 R2 Windows Domain using Samba and Winbind. The Linux uid is pulled from the uidNumber in Active Directory as is the shell and home dir. PAM is also configured to create a user's homedir on login. The trouble is that in AD the homedir is set to '/User' and I don't want that to be the case on the Debian boxes - I would like to set it as /home/domain/user. Can I override the homedir setting on a per-client basis using the smb.conf?
>
> AIUI from other ML correspondents, there are two winbinds
> implementations -- one for samba3 and one for samba4 -- and the latter
> doesn't let you change $HOME at all, as at 4.0.x.
>
> You probably want to look at sssd instead of winbind.
>
> I'm using a samba 4.0.9 AD DC and nss_winbind, and I got
> /home/DOMAIN/alice instead of /home/alice, so I just cheated by running
> "ln -s . /home/DOMAIN". I don't think that would work for you.
Thanks, I'm using Samba version 3.6.6,
Leaving sssd aside for a moment (because winbind seems to be working)
are you saying that with 3.6.6 I _should_ be able to override the 'Home
Directory' pulled from the AD?
My current config:
#=== Global Settings ===
[global]
netbios name = "$hostname"
server string = Samba Server %v on (%L)
#=== Logging Options ===
log level = 3
# logs split per machine
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50
#=== Domain Members Options ===
security = ads
realm = DOMAIN.EXAMPLE.COM
workgroup = DOMAIN
password server = dc.domain.example.com
client ntlmv2 auth = yes
restrict anonymous = 2
idmap config * : range = 500-999
idmap config "$domainMs" : backend = ad
idmap config "$domainMs" : schema_mode = rfc2307
idmap config "$domainMs" : readonly = yes
idmap config "$domainMs" : range = 1000-4294967295
idmap negative cache time = 20
winbind cache time = 600
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = 2
winbind use default domain = yes
winbind offline logon = true
#=== Browser Control Options ===
local master = no
preferred master = no
os level = 0" >> /etc/samba/smb.conf
More information about the samba
mailing list