[Samba] winbind on the DC again ... sorry

Paul R. Ganci ganci at nurdog.com
Sun Jun 14 12:14:09 MDT 2015 

I just tried to update from samba-4.1-18 to 4.2.2. For my small network, 
I was quite happy with the manner in which 4.1.18 winbind worked on my 
clients and the DC. In order to get around the limitations of winbind on 
the DC I took advantage of the smb.conf parameters:

template homedir = /home/%ACCOUNTNAME%
template shell = /bin/bash

Since I had a single domain this setup works fine for me. On the DC the 
variable %ACCOUNTNAME% would get the username substituted and since the 
template homedir put the user home directory in the same place as the AD 
database everything works. For example on any Linux client or the DC I 
could do:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/user:/bin/bash

and everything would be correct.

So now I update to 4.2.2 and tried to use the old winbind so I added the 
lines:

server services = -winbindd +winbind

Everything sort of works except that:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/%ACCOUNTNAME%:/bin/bash

Note that %ACCOUNTNAME% did not get the proper substitution of user.

So I took out the "server services" line and used the winbindd and still 
get:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/%ACCOUNTNAME%:/bin/bash

So then I removed the "template homedir" and I get:

 > getent passwd user
user:*:3001107:3000513:Joe User:/home/DOMAIN/user:/bin/bash

I worked around the issue on the DC by making links in /home/DOMAIN to 
the user home directories in /home. However it seems to me that the fact 
the variable %ACCOUNTNAME% is not getting substituted is a bug. Did I 
miss some documentation regarding the use of %ACCOUNTNAME%? I am 
guessing many of you don't use the template parameters so maybe this 
isn't such a big deal for you. Nonetheless, I did not expect this 
behavior with the upgrade.

As an aside it is kind of annoying that winbindd still does not work the 
same way on the DC as the client. That would make life so nice for those 
of us with small networks and limited budgets and cannot afford to have 
a separate member file server.

Thanks.

-- 
Paul (ganci at nurdog.com)
(303)257-5208

More information about the samba mailing list