[Samba] Winbind + SFU - was: Re: samba4 and sssd and user mapping

Márcio Merlone marcio.merlone at a1.ind.br
Wed Jan 29 09:53:08 MST 2014 

Em 27-01-2014 13:53, Volker Lendecke escreveu:
> On Mon, Jan 27, 2014 at 01:31:05PM -0200, Márcio Merlone wrote:
>> I'll explain: if you provision your AD DC with rfc2307 attributes
>> for some users, they are ignored by winbind - except uid and gid -
>> and templates used instead. So, if I have '/home/users/%n' as
>> homedir for all users, but only one must have '/home/ftp/ftpuser',
>> winbind will see it as '/home/user/ftpuser' and not what's defined
>> on AD database.
> Have you tried playing with the "winbind nss info"
> parameter?

So I did it, no luck. Samba 4.1.4, sernet packages. winbind nss info = 
sfu made no diff:

root at trusty:/home/dados# getent passwd marcio.merlone
A1\marcio.merlone:*:1014:20313:Márcio Vogel Merlone dos 
Santos:/home/A1/marcio.merlone:/bin/false
root at trusty:/home/dados#

Shell and homedir should read:
A1\marcio.merlone:*:1014:20313:Márcio Vogel Merlone dos 
Santos:/home/usuarios/marcio.merlone:/bin/bash

I'm probably missing something on smb.conf:

[global]
     workgroup = A1
     realm = ad.a1.ind.br
     netbios name = TRUSTY
     server role = active directory domain controller
     server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate, smb
     dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, 
eventlog6, backupkey, dnsserver, winreg, srvsvc
     idmap_ldb:use rfc2307 = yes
     winbind nss info = sfu
     winbind enum users = yes
     winbind enum groups = yes
     winbind offline logon = true
     idmap config * : backend = ad
     idmap config * : range = 1000-999999

[netlogon]
     path = /var/lib/samba/sysvol/ad.a1.ind.br/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No

Regards,


-- 
*Marcio Merlone*
TI - Administrador de redes

*A1 Engenharia - Unidade Corporativa*
Fone: 	+55 41 3616-3797
Cel: 	+55 41 9689-0036

http://www.a1.ind.br/ <http://www.a1.ind.br>

More information about the samba mailing list