[Samba] Override Linux homedir given by AD

Simon simon at calmblue.net
Thu Oct 31 03:40:18 MDT 2013


On 2013-10-30 23:39, trentbuck at gmail.com wrote: 

> Simon <simon at calmblue.net> writes:
>> I have successfully joined a Debian 7 box to a 2008 R2 Windows Domain using Samba and Winbind. The Linux uid is pulled from the uidNumber in Active Directory as is the shell and home dir. PAM is also configured to create a user's homedir on login. The trouble is that in AD the homedir is set to '/User' and I don't want that to be the case on the Debian boxes - I would like to set it as /home/domain/user. Can I override the homedir setting on a per-client basis using the smb.conf?
> AIUI from other ML correspondents, there are two winbinds
> implementations -- one for samba3 and one for samba4 -- and the latter
> doesn't let you change $HOME at all, as at 4.0.x.
> You probably want to look at sssd instead of winbind.
> I'm using a samba 4.0.9 AD DC and nss_winbind, and I got
> /home/DOMAIN/alice instead of /home/alice, so I just cheated by running
> "ln -s . /home/DOMAIN". I don't think that would work for you.

Thanks, I'm using Samba version 3.6.6, 

Leaving sssd aside for a moment (because winbind seems to be working)
are you saying that with 3.6.6 I _should_ be able to override the 'Home
Directory' pulled from the AD? 

My current config: 

#=== Global Settings ===

 netbios name = "$hostname"
 server string = Samba Server %v on (%L)

#=== Logging Options ===

 log level = 3
 # logs split per machine
 log file = /var/log/samba/%m.log
 # max 50KB per log file, then rotate
 max log size = 50

#=== Domain Members Options ===

 security = ads
 workgroup = DOMAIN
 password server = dc.domain.example.com
 client ntlmv2 auth = yes
 restrict anonymous = 2

 idmap config * : range = 500-999
 idmap config "$domainMs" : backend = ad
 idmap config "$domainMs" : schema_mode = rfc2307
 idmap config "$domainMs" : readonly = yes
 idmap config "$domainMs" : range = 1000-4294967295
 idmap negative cache time = 20

 winbind cache time = 600
 winbind nss info = rfc2307
 winbind enum users = yes
 winbind enum groups = yes
 winbind expand groups = 2
 winbind use default domain = yes
 winbind offline logon = true

#=== Browser Control Options ===

 local master = no
 preferred master = no
 os level = 0" >> /etc/samba/smb.conf 

More information about the samba mailing list