[Samba] Getent Differences on a DC and a Member Server

[Rowland Penny]

On 03/07/15 02:28, David Minard wrote:
> Thank you Felix.
> On 02/07/15 16:18, Felix Matouschek wrote:
>> Hi David,
>>
>> I experienced this issue as well, it's currently a limitation of 
>> Samba 4.2.2.
>> Samba 4.2.2 DCs do not support pulling home directories and login 
>> shells from AD via rfc2307.
>>
>> I solved this issue with the "template homedir" and "template shell" 
>> directives.
>> You lose some flexibility but at least it works.
>
>     Lack of flexibility is my main problem.  Unfortunately without 
> restructuring how our home directories are set up, I need the 
> flexibility.  I need HomeDirectories etc to be pulled from the AD if 
> I'm to retire our current LDAP servers and use Samba4 as a replacement.
>>
>> Excerpt from my DC smb.conf:
>>
>> winbind nss info = rfc2307:MYDOMAIN, template
>> template shell = /bin/bash
>> template homedir = /home/users/%U
>>
>> Greetings,
>> Felix
>
>     Just to clarify, is it only the DC that doesn't return desired 
> values of HomeDirectory and Shell?

Yes, unfortunately The DC does not return anything for HomeDirectory or 
loginShell, this is still true even if you use a version from 4.2.0 
which uses 'winbindd' instead of 'winbind'.
The only only way to use all the RFC2307 attributes is to use member 
servers & Unix clients, they do not suffer from this problem.

Rowland

>
>     I ask because my member server is returning the desired values, 
> but I get the impression that it should not be from comments on the 
> list.  Rowland was helping me with winbindd over the last few weeks 
> and I got the impression that my Member Server should not be returning 
> correct HomeDirectory and Shell - but it is - that is why I mentioned 
> that I don't have SSSD installed - nor any other nsswitch back to our 
> current LDAP.  I need to know if what I am seeing is a freak of 
> computing, or expected behaviour.
>