[Samba] What is --rfc2307-from-nss ??
Rowland Penny
rowlandpenny at googlemail.com
Wed Nov 26 06:43:43 MST 2014
On 26/11/14 13:34, L.P.H. van Belle wrote:
> ah.. you didnt configure the template(s) on your DC smb.conf to make your member match with your DC or visaversa.
> like:
> template shell = /bin/sh
> template homedir = /home/users/%U
>
> Louis
No, I didn't, but you are missing the point, I didn't set them for sssd
either!
When 4.2 comes out, it appears that the new winbindd will work in the
same way, it still (at the moment) ignores the RFC2307 attributes
'unixHomeDirectory' & 'loginShell', so you will still need to set the
templates in smb.conf and be limited by the very use of them.
Rowland
>
>> -----Oorspronkelijk bericht-----
>> Van: rowlandpenny at googlemail.com
>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>> Verzonden: woensdag 26 november 2014 14:24
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] What is --rfc2307-from-nss ??
>>
>> On 26/11/14 13:07, L.P.H. van Belle wrote:
>>> Debian with Sernet samba 4.1.13 DC and member servers
>>>
>>> with just nsswitch.conf configured and samba.
>>>
>>> DC :
>>> root at dc1:~# getent passwd obell
>>> DOMAIN\testuser:*:10000:10000:Test user:/home/users/%U:/bin/sh
>>>
>>> Member server:
>>> root at mem1:~# getent passwd obell
>>> testuser:*:10000:10000::/home/users/testuser:/bin/sh
>>>
>>> Rowland you have seen the differences in your user..
>>>
>>> DC >INTERNAL\testuser:*:10000:10000:Test
>> User:/home/INTERNAL/testuser:/bin/false
>>> MEMBER >testuser:*:10000:10000:Test User:/home/testuser:/bin/bash
>>> different homes and shell?
>> Hi Louis, They are both on the AD DC, the first is what you get if you
>> use winbind i.e the RFC2307 attributes 'unixHomeDirectory' &
>> 'loginShell' are ignored, the second is what you get if you use sssd,
>> all RFC2307 attributes are used.
>>
>> Rowland
>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: rowlandpenny at googlemail.com
>>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>>> Verzonden: woensdag 26 november 2014 13:11
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] What is --rfc2307-from-nss ??
>>>>
>>>> On 26/11/14 05:43, Greg Zartman wrote:
>>>>> I'm having a hard time figuring out what the samba-tool user create
>>>>> --rfc2307-from-nss does? The documentation is a little skinny.
>>>> It runs getpwnam**() to get the users info from another
>>>> database, so is
>>>> not much in creating a new user, as the new user in AD must
>>>> not exist on
>>>> the underlying OS.
>>>>
>>>>> I want users I create in the AD to be able to access local
>>>> file shares on
>>>>> Centos, so I'm setting up the SSSD service, but not entirely
>>>> sure if SSSD
>>>>> will provide user attributes like the login shell or if I
>>>> should set it
>>>>> explicitly in the active directory.
>>>> OK, I am not telling you this, but with the users info stored
>>>> in RFC2307
>>>> attributes in AD:
>>>>
>>>> Using winbind (Version 4.1.11-Debian)
>>>> root at debdc:~# getent passwd testuser
>>>> INTERNAL\testuser:*:10000:10000:Test
>>>> User:/home/INTERNAL/testuser:/bin/false
>>>>
>>>> Using sssd (Version 1.11.3)
>>>> root at debdc:~# getent passwd testuser
>>>> testuser:*:10000:10000:Test User:/home/testuser:/bin/bash
>>>>
>>>> Both on the AD DC
>>>>
>>>> Rowland
>>>>
>>>>> Thanks
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
More information about the samba
mailing list