[Samba] Override Linux homedir given by AD
steve at steve-ss.com
Thu Oct 31 03:56:39 MDT 2013
On Thu, 2013-10-31 at 09:40 +0000, Simon wrote:
> On 2013-10-30 23:39, trentbuck at gmail.com wrote:
> > Simon <simon at calmblue.net> writes:
> >> I have successfully joined a Debian 7 box to a 2008 R2 Windows Domain using Samba and Winbind. The Linux uid is pulled from the uidNumber in Active Directory as is the shell and home dir. PAM is also configured to create a user's homedir on login. The trouble is that in AD the homedir is set to '/User' and I don't want that to be the case on the Debian boxes - I would like to set it as /home/domain/user. Can I override the homedir setting on a per-client basis using the smb.conf?
> > AIUI from other ML correspondents, there are two winbind
> > implementations -- one for samba3 and one for samba4 -- and the latter
> > doesn't let you change $HOME at all, as at 4.0.x.
> > You probably want to look at sssd instead of winbind.
> > I'm using a samba 4.0.9 AD DC and nss_winbind, and I got
> > /home/DOMAIN/alice instead of /home/alice, so I just cheated by running
> > "ln -s . /home/DOMAIN". I don't think that would work for you.
> Thanks, I'm using Samba version 3.6.6,
> Leaving sssd aside for a moment (because winbind seems to be working)
> are you saying that with 3.6.6 I _should_ be able to override the 'Home
> Directory' pulled from the AD?
> My current config:
> #=== Global Settings ===
> netbios name = "$hostname"
> server string = Samba Server %v on (%L)
> #=== Logging Options ===
> log level = 3
> # logs split per machine
> log file = /var/log/samba/%m.log
> # max 50KB per log file, then rotate
> max log size = 50
> #=== Domain Members Options ===
> security = ads
> realm = DOMAIN.EXAMPLE.COM
> workgroup = DOMAIN
> password server = dc.domain.example.com
> client ntlmv2 auth = yes
> restrict anonymous = 2
> idmap config * : range = 500-999
> idmap config "$domainMs" : backend = ad
> idmap config "$domainMs" : schema_mode = rfc2307
> idmap config "$domainMs" : readonly = yes
> idmap config "$domainMs" : range = 1000-4294967295
> idmap negative cache time = 20
> winbind cache time = 600
> winbind nss info = rfc2307
> winbind enum users = yes
> winbind enum groups = yes
> winbind expand groups = 2
> winbind use default domain = yes
> winbind offline logon = true
> #=== Browser Control Options ===
> local master = no
> preferred master = no
> os level = 0" >> /etc/samba/smb.conf
Just a few thoughts.
I'm assuming it's not an option to add the correct unixHomeDirectory
attribute in AD? Too many users perhaps?
Also, not possible to link from what you have set in AD to the real data
using wide links?
In sssd you can set:
and then set the homedir in smb.conf
I don't think you can do that with winbind.
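For the Samba 3.x winbind the original poster is running, smb.conf(5) documents `winbind nss info` as the setting that chooses between AD-supplied and locally templated home directory and shell values. The fragment below is an added example, not part of the thread or anyone's posted configuration; the `/bin/bash` shell is an assumed value.

```ini
# Added example (not from the thread): only the settings that decide where
# winbind takes the home directory and login shell from are shown.

[global]
    # As posted in the thread: home directory and login shell are read from
    # the RFC 2307 attributes in AD, so the '/User' value stored there is
    # what NSS hands back on every client.
    # winbind nss info = rfc2307

    # Per-client alternative: build both values locally from the template
    # parameters instead of reading them from the directory.
    winbind nss info = template

    # %D = short domain name, %U = user name  ->  /home/DOMAIN/user
    template homedir = /home/%D/%U

    # In template mode the shell no longer comes from AD either. The
    # built-in default for template shell is /bin/false, so set it
    # explicitly. /bin/bash is an assumed choice.
    template shell = /bin/bash

    # uidNumber/gidNumber lookups are unaffected: they are driven by the
    # idmap settings (backend = ad, schema_mode = rfc2307), not by
    # winbind nss info.
```

After restarting winbind, `getent passwd <user>` shows which home directory NSS now returns; previously cached entries can persist until `winbind cache time` expires.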