[Samba] What is --rfc2307-from-nss ??

L.P.H. van Belle belle at bazuin.nl
Wed Nov 26 06:34:15 MST 2014 

ah.. you didnt configure the template(s) on your DC smb.conf to make your member match with your DC or visaversa. 
like: 
       template shell = /bin/sh
       template homedir = /home/users/%U

Louis

>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: woensdag 26 november 2014 14:24
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] What is --rfc2307-from-nss ??
>
>On 26/11/14 13:07, L.P.H. van Belle wrote:
>> Debian with Sernet samba 4.1.13 DC and member servers
>>
>> with just nsswitch.conf configured and samba.
>>
>> DC :
>> root at dc1:~# getent passwd obell
>> DOMAIN\testuser:*:10000:10000:Test user:/home/users/%U:/bin/sh
>>
>> Member server:
>> root at mem1:~# getent passwd obell
>> testuser:*:10000:10000::/home/users/testuser:/bin/sh
>>
>> Rowland you have seen the differences in your user..
>>
>> DC     >INTERNAL\testuser:*:10000:10000:Test 
>User:/home/INTERNAL/testuser:/bin/false
>> MEMBER >testuser:*:10000:10000:Test User:/home/testuser:/bin/bash
>> different homes and shell?
>
>Hi Louis, They are both on the AD DC, the first is what you get if you 
>use winbind i.e the RFC2307 attributes 'unixHomeDirectory' & 
>'loginShell' are ignored, the second is what you get if you use sssd, 
>all RFC2307 attributes are used.
>
>Rowland
>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: rowlandpenny at googlemail.com
>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>> Verzonden: woensdag 26 november 2014 13:11
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] What is --rfc2307-from-nss ??
>>>
>>> On 26/11/14 05:43, Greg Zartman wrote:
>>>> I'm having a hard time figuring out what the samba-tool user create
>>>> --rfc2307-from-nss does?  The documentation is a little skinny.
>>> It runs getpwnam**() to get the users info from another
>>> database, so is
>>> not much in creating a new user, as the new user in AD must
>>> not exist on
>>> the underlying OS.
>>>
>>>> I want users I create in the AD to be able to access local
>>> file shares on
>>>> Centos, so I'm setting up the SSSD service, but not entirely
>>> sure if SSSD
>>>> will provide user attributes like the login shell or if I
>>> should set it
>>>> explicitly in the active directory.
>>> OK, I am not telling you this, but with the users info stored
>>> in RFC2307
>>> attributes in AD:
>>>
>>> Using winbind (Version 4.1.11-Debian)
>>> root at debdc:~# getent passwd testuser
>>> INTERNAL\testuser:*:10000:10000:Test
>>> User:/home/INTERNAL/testuser:/bin/false
>>>
>>> Using sssd (Version 1.11.3)
>>> root at debdc:~# getent passwd testuser
>>> testuser:*:10000:10000:Test User:/home/testuser:/bin/bash
>>>
>>> Both on the AD DC
>>>
>>> Rowland
>>>
>>>> Thanks
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list