[Samba] Discrepancies in getent passwd

John Lewis oflameo2 at gmail.com
Thu Oct 23 09:42:07 MDT 2014


On 10/23/2014 11:14 AM, Rowland Penny wrote:
> On 23/10/14 16:01, John Lewis wrote:
>> On 10/23/2014 10:52 AM, Rowland Penny wrote:
>>> On 23/10/14 15:45, John Lewis wrote:
>>>> dictator at keep:~$ getent passwd | grep ldap-connect
>>>> ldap-connect:*:10000:513:::/usr/sbin/nologin
>>>> dictator at keep:~$ getent passwd ldap-connect
>>>> ldap-connect:*:10000:513:::/bin/sh
>>>>
>>>>
>>>> How do I make sure that the shell is always /usr/sbin/nologin for ldap-connect?
>>> Hi, any chance of a bit more info, OS, what version of samba, smb.conf,
>>> etc ?
>>>
>>> Rowland
>>
>> dictator at drakeburner:~$ smbclient -V
>> Version 4.1.11-Debian
>> dictator at drakeburner:~$ sudo samba -V
>> Version 4.1.11-Debian
>> dictator at keep:~$ smbclient -V
>> Version 3.6.6
>>
> Why, oh why, is this like extracting teeth ???
> 
> You posted dictator at keep, 'dictator' being your user and 'keep' being
> the hostname of your computer, you have now posted:
> 
> dictator at drakeburner
> 
> AND no smb.conf!!!!
> 
> I take it that you are running an AD DC on 'drakeburner' and 'keep' is a
> client joined to the domain, but I am just guessing here.
> 
> If this is the case, then there is, at this time, no way to get the same
> loginShell on the AD DC server and a client for an individual user.
> 
> You can get an individual loginShell on clients etc.
> 
> Rowland
> 

Sorry, I had to go to a meeting.

The machine keep is a generic client, and drakeburner is the Samba AD DC.

dictator at keep:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
        realm = D.OFLAMEO.COM
        workgroup = OFLAMEO
        netbios name = KEEP
        security = ADS
        encrypt passwords = yes
        password server = drakeburner.d.oflameo.com

[demoshare]
        path = /src/samba/test
        read only = no


dictator at drakeburner:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
        workgroup = OFLAMEO
        realm = D.OFLAMEO.COM
        netbios name = DRAKEBURNER
        server role = active directory domain controller
        dns forwarder = 192.168.2.1
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/d.oflameo.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

I can get the correct login shell to come up when I attempt to log in as
ldap-connect to the Samba DC drakeburner.
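
Added example, not part of the original thread or of Samba: a Python check that compares every enumerated passwd entry with the by-name lookup for the same user and reports fields that differ, which is the mismatch shown at the top of the thread. The function names are hypothetical; the sample lines are constructed from the two getent outputs quoted above, and the live path assumes Python's pwd module resolves through NSS as getent does.

```python
import pwd

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")

def parse_passwd_line(line):
    """Split one passwd(5)-format line (as printed by getent) into a dict."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))

def _as_dict(entry):
    return dict(zip(FIELDS, (str(f) for f in entry)))

def nss_lookup(name):
    """By-name lookup, the counterpart of `getent passwd NAME`."""
    try:
        return _as_dict(pwd.getpwnam(name))
    except KeyError:
        return None

def nss_enumerate():
    """Full enumeration, the counterpart of `getent passwd`."""
    return [_as_dict(e) for e in pwd.getpwall()]

def find_discrepancies(enumerated, lookup=nss_lookup):
    """Return (name, field, enumerated_value, lookup_value) for each mismatch."""
    findings = []
    for entry in enumerated:
        direct = lookup(entry["name"])
        if direct is None:
            findings.append((entry["name"], "entry", "present", "missing"))
            continue
        for field in FIELDS[1:]:
            if entry[field] != direct[field]:
                findings.append((entry["name"], field, entry[field], direct[field]))
    return findings

# Constructed sample: the two outputs for ldap-connect quoted in the thread.
SAMPLE_ENUM = ["ldap-connect:*:10000:513:::/usr/sbin/nologin"]
SAMPLE_LOOKUP = {"ldap-connect": "ldap-connect:*:10000:513:::/bin/sh"}

def check_sample():
    lookup = lambda n: parse_passwd_line(SAMPLE_LOOKUP[n]) if n in SAMPLE_LOOKUP else None
    return find_discrepancies([parse_passwd_line(l) for l in SAMPLE_ENUM], lookup)

if __name__ == "__main__":
    for name, field, enum_val, direct_val in find_discrepancies(nss_enumerate()):
        print(f"{name}: {field} enumerated={enum_val!r} lookup={direct_val!r}")
```

Run as a script on the client, it prints one line per differing field; an account expected to have /usr/sbin/nologin that shows another shell in the lookup column is the case to investigate.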


