[Samba] Discrepancies in getent passwd
John Lewis
oflameo2 at gmail.com
Thu Oct 23 09:42:07 MDT 2014
On 10/23/2014 11:14 AM, Rowland Penny wrote:
> On 23/10/14 16:01, John Lewis wrote:
>> On 10/23/2014 10:52 AM, Rowland Penny wrote:
>>> On 23/10/14 15:45, John Lewis wrote:
>>>> dictator at keep:~$ getent passwd | grep ldap-connect
>>>> ldap-connect:*:10000:513:::/usr/sbin/nologin
>>>> dictator at keep:~$ getent passwd ldap-connect
>>>> ldap-connect:*:10000:513:::/bin/sh
>>>>
>>>>
>>>> How do I make that shell is always /usr/sbin/nologin for ldap-connect?
>>> Hi, any chance of a bit more info, OS, what version of samba, smb.conf,
>>> etc ?
>>>
>>> Rowland
>>
>> dictator at drakeburner:~$ smbclient -V
>> Version 4.1.11-Debian
>> dictator at drakeburner:~$ sudo samba -V
>> Version 4.1.11-Debian
>> dictator at keep:~$ smbclient -V
>> Version 3.6.6
>>
> Why, oh why, is this like extracting teeth ???
>
> You posted dictator at keep, 'dictator' being your user and 'keep' being
> the hostname of your computer, you have now posted:
>
> dictator at drakeburner
>
> AND no smb.conf!!!!
>
> I take it that you are running an AD DC on 'drakeburner' and 'keep' is a
> client joined to the domain, but I am just guessing here.
>
> If this is the case, then there is, at this time, no way to get the same
> loginShell on the AD DC server and a client for an individual user.
>
> You can get an individual loginShell on clients etc.
>
> Rowland
>
Sorry, I had go to a meeting.
The machine keep is a generic client, and drakeburner is the Samba AD DC.
dictator at keep:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
realm = D.OFLAMEO.COM
workgroup = OFLAMEO
netbios name = KEEP
security = ADS
encrypt passwords = yes
password server = drakeburner.d.oflameo.com
[demoshare]
path = /src/samba/test
read only = no
dictator at drakeburner:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = OFLAMEO
realm = D.OFLAMEO.COM
netbios name = DRAKEBURNER
server role = active directory domain controller
dns forwarder = 192.168.2.1
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/d.oflameo.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
I can get the correct login shell comes up when I attempt to login as
ldap-connect to the Samba DC drakeburner.
More information about the samba
mailing list