[Samba] Override Linux homedir given by AD

Simon simon at calmblue.net
Thu Oct 31 04:17:49 MDT 2013


 

On 2013-10-31 09:56, steve wrote: 

> On Thu, 2013-10-31 at 09:40 +0000, Simon wrote:
>> On 2013-10-30 23:39, trentbuck at gmail.com wrote:
>>> Simon <simon at calmblue.net> writes:
>>>> I have successfully joined a Debian 7 box to a 2008 R2 Windows
>>>> Domain using Samba and Winbind. The Linux uid is pulled from the
>>>> uidNumber in Active Directory as is the shell and home dir. PAM is
>>>> also configured to create a user's homedir on login. The trouble is
>>>> that in AD the homedir is set to '/User' and I don't want that to be
>>>> the case on the Debian boxes - I would like to set it as
>>>> /home/domain/user. Can I override the homedir setting on a
>>>> per-client basis using the smb.conf?
>>>
>>> AIUI from other ML correspondents, there are two winbind
>>> implementations -- one for samba3 and one for samba4 -- and the
>>> latter doesn't let you change $HOME at all, as at 4.0.x. You probably
>>> want to look at sssd instead of winbind. I'm using a samba 4.0.9 AD
>>> DC and nss_winbind, and I got /home/DOMAIN/alice instead of
>>> /home/alice, so I just cheated by running "ln -s . /home/DOMAIN". I
>>> don't think that would work for you.
>>
>> Thanks, I'm using Samba version 3.6.6. Leaving sssd aside for a moment
>> (because winbind seems to be working) are you saying that with 3.6.6 I
>> _should_ be able to override the 'Home Directory' pulled from the AD?
>> My current config:
>>
>> #=== Global Settings ===
>> [global]
>> netbios name = "$hostname"
>> server string = Samba Server %v on (%L)
>> #=== Logging Options ===
>> log level = 3
>> # logs split per machine
>> log file = /var/log/samba/%m.log
>> # max 50KB per log file, then rotate
>> max log size = 50
>> #=== Domain Members Options ===
>> security = ads
>> realm = DOMAIN.EXAMPLE.COM
>> workgroup = DOMAIN
>> password server = dc.domain.example.com
>> client ntlmv2 auth = yes
>> restrict anonymous = 2
>> idmap config * : range = 500-999
>> idmap config "$domainMs" : backend = ad
>> idmap config "$domainMs" : schema_mode = rfc2307
>> idmap config "$domainMs" : readonly = yes
>> idmap config "$domainMs" : range = 1000-4294967295
>> idmap negative cache time = 20
>> winbind cache time = 600
>> winbind nss info = rfc2307
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind expand groups = 2
>> winbind use default domain = yes
>> winbind offline logon = true
>> #=== Browser Control Options ===
>> local master = no
>> preferred master = no
>> os level = 0" >> /etc/samba/smb.conf

> Hi
> Just a few thoughts.
>
> I'm assuming it's not an option to add the correct unixHomeDirectory
> attribute in AD? Too many users perhaps?
>
> Also, not possible to link from what you have set in AD to the real data
> using wide links?
>
> In sssd you can set:
> ldap_user_home_directory = 
> and then set the homedir in smb.conf
>
> I don't think you can do that with winbind.
> HTH
> Steve

Thanks, 

Ideally yes, setting the correct home directory in AD would be my
preference but at the moment I'm unsure as to all the implications of
doing that here. 

Creating a local symbolic link from /Users -> /home/DOMAIN/ is actually
quite neat (thanks also Trent) and probably what I'm going to end up
doing for now. 

It seems like sssd is the way forward with Linux AD integration but I
haven't had any success yet - on Debian 7, winbind almost works out the
box. 

Do you know of any good guides / resources for sssd, perhaps
specifically for Debian?
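
An added example, not part of the original thread: in Samba 3.x the `winbind nss info` parameter decides where winbind takes the home directory and login shell from, and the config quoted above sets it to `rfc2307`, which reads both from AD. Switching it to `template` on one client builds both values locally while the `idmap config ... backend = ad` lines keep taking uidNumber from AD; the `/bin/bash` shell is an assumed value.

```ini
[global]
    # Setting from the thread's config: home directory and login shell are
    # read from the RFC 2307 attributes in AD (unixHomeDirectory, loginShell).
    # winbind nss info = rfc2307

    # Per-client override: build both values locally from the templates below.
    winbind nss info = template

    # %D expands to the domain name and %U to the user name,
    # giving /home/DOMAIN/user on this machine only.
    template homedir = /home/%D/%U

    # Assumed shell. With "template" the loginShell attribute in AD is no
    # longer consulted, so every domain user on this client gets this shell.
    template shell = /bin/bash
```

After restarting winbind, `getent passwd <user>` shows which home directory the client now resolves; cached entries can persist for up to the `winbind cache time` value.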

