[Samba] Manage unix users from AD
marcio.merlone at a1.ind.br
Tue Jan 28 09:28:14 MST 2014
On 28-01-2014 11:10, Volker Lendecke wrote:
> On Tue, Jan 28, 2014 at 01:54:11PM +0100, Sven Schwedas wrote:
>>> Which of each would bring my rfc2307 users with all their attributes
>>> defined on SFU, *and only those users*, to my linux system? If I create
>>> a user _without_ rfc2307, that means I don't want linux to know about him. If I
>>> define a user with /bin/false as shell on SFU, bring that to linux.
>>> That's it. As an admin, I don't care about idmapping, I already defined
>>> a uidNumber (or whatever AD attribute is used to store it) to the user,
>>> just use it.
>> Then you can safely ignore winbindd, as it doesn't honour shell settings.
> If you use "winbind nss info = sfu" it should do it.
Good to know, I'll play with that and see how it works. But looking for
information and docs, I found that the smb.conf man page (1) says
something about "winbind nss info = sfu" - and no more than you have
already said - while on the winbind page (2) there is no mention of 'sfu'
or 'nss', even though it seems to be the samba4 version of winbind, as
per the URL.
Also, I am still not sure which winbind all the docs and information
found on the net refer to: samba3, samba4, internal, daemon... For a
non-samba expert/specialist, it is very confusing and frustrating.
>> Food for thought: Is offline login (/resilience against domain
>> controller outages) needed? nss_ldap afaik does not provide this
>> natively, e.g., and needs external caching by pam_ccreds (which makes
>> for a more complicated setup).
Resilience is always welcome; in my case just desired, not required.
IT - Network Administrator
*A1 Engenharia - Unidade Corporativa*
Phone: +55 41 3616-3797
Mobile: +55 41 9689-0036
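
The setup discussed in this message, sketched as an smb.conf fragment for a domain member. This is an added example, not configuration posted by anyone in the thread; the domain name EXAMPLE, the realm and both ID ranges are placeholder assumptions, and only "winbind nss info = sfu" comes from the message itself.

```ini
[global]
    # Placeholder domain and realm (assumptions, not from the thread)
    security = ads
    workgroup = EXAMPLE
    realm = EXAMPLE.COM

    # Default backend for BUILTIN and other non-AD-domain SIDs.
    # Assumed range; it must not overlap the AD range below.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Read uidNumber/gidNumber straight from AD instead of allocating IDs.
    # With the "ad" backend, accounts that have no uidNumber set in AD
    # are not mapped, so they do not resolve as Unix users on this host.
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = sfu
    # Assumed range; uidNumber/gidNumber values outside it are ignored,
    # so it has to cover every ID assigned in AD.
    idmap config EXAMPLE : range = 10000-999999

    # Take login shell and home directory from the SFU attributes in AD
    # rather than from "template shell" / "template homedir".
    winbind nss info = sfu
```

The schema_mode value should match the attribute set actually populated in AD (sfu, sfu20 or rfc2307), and "winbind nss info" should name the same one. After restarting winbindd, `getent passwd` for a single account shows whether the AD-defined shell, such as /bin/false, is returned.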