[Samba] Getent Differences on a DC and a Member Server
david at scem.uws.edu.au
Fri Jul 3 01:28:27 UTC 2015
Thank you Felix.
On 02/07/15 16:18, Felix Matouschek wrote:
> Hi David,
> I experienced this issue as well, it's currently a limitation of Samba 4.2.2.
> Samba 4.2.2 DCs do not support pulling home directories and login shells from AD via rfc2307.
> I solved this issue with the "template homedir" and "template shell" directives.
> You lose some flexibility but at least it works.
Lack of flexibility is my main problem. Unfortunately without
restructuring how our home directories are set up, I need the
flexibility. I need HomeDirectories etc to be pulled from the AD if I'm
to retire our current LDAP servers and use Samba4 as a replacement.
> Excerpt from my DC smb.conf:
> winbind nss info = rfc2307:MYDOMAIN, template
> template shell = /bin/bash
> template homedir = /home/users/%U
Just to clarify, is it only the DC that doesn't return desired
values of HomeDirectory and Shell?
I ask because my member server is returning the desired values, but
I get the impression that it should not be from comments on the list.
Rowland was helping me with winbindd over the last few weeks and I got
the impression that my Member Server should not be returning correct
HomeDirectory and Shell - but it is - that is why I mentioned that I
don't have SSSD installed - nor any other nsswitch back to our current
LDAP. I need to know if what I am seeing is a freak of computing, or
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von David Minard
> Gesendet: Donnerstag, 2. Juli 2015 06:18
> An: samba at lists.samba.org
> Betreff: [Samba] Getent Differences on a DC and a Member Server
> G'day All,
> I'm running Centos 7, Samba4.2.2. (SSSD is NOT running (not even installed on the Member Server))
> /etc/nsswitch on both:
> passwd: files winbind
> group: files winbind
> the winbind libs have been sym-linked as described in the tiki. All seems to be working well on both the DC and Member Server.
> Both smb.fonfs have:
> idmap config *:backend = tdb
> idmap config *:range = 3000000-4000000
> idmap config AD:backend = ad
> idmap config AD:schema_mode = rfc2307
> idmap config AD:range = 600-2999999
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
> On the DC I've changed winbind to winbindd in the "server services"
> line, and winbindd starts up as expected.
> Can anyone tell me why I get slightly different answers from 'getent passwd [username]' from a DC and a Member Server.
> eg: getent passwd fred
> fred:*:4999:1001:Fred Nerks:/home/AD/fred:/bin/false
> On a Member Server:
> fred:*:4999:1001:Fred Nerks:/home/fred:/bin/tcsh
> On the DC the HomeDirectory and Shell Fields are not what I defined for user Fred.
> On the Member Server, Homedirectory and Shell are what I defined for user Fred.
> Why is there a difference?
> This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Ph: 0247 360 155
Fax: 0247 360 770
School of Computing, Engineering, and Mathematics
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith South DC
[Sometimes waking up just isn't worth the insult of the day to come.]
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba