[Samba] Winbindd Home Directory and Shell
Brady, Mike
mike.brady at devnull.net.nz
Tue Jun 16 03:22:51 MDT 2015
On 2015-06-16 19:39, Rowland Penny wrote:
> On 16/06/15 04:03, Brady, Mike wrote:
>> With the switch to using winbindd on Domain Controllers in 4.2, should
>> a getent passwd now be showing the home directory and shell that is in
>> the RFC2307 attributes in the directory like a member server does?
>
> No, the 'winbindd' change hasn't altered anything here.
>
>>
>> I always thought that this was a difference between the internal
>> winbind and the external winbindd, but my 4.2 DC looks like it is
>> still using the templates rather than looking the values up in the
>> directory.
>>
>> CentOS 7.1/Samba 4.2.2 DC configuration
>>
>> /etc/samba/smb.conf
>> [global]
>> workgroup = SAMBA
>> realm = samba.xxxxxxx.xx.xx
>> netbios name = DC03
>> server role = active directory domain controller
>>
>> # Using bind_dlz
>> server services = -dns
>
>>
>> idmap config SAMBA:backend = ad
>> idmap config SAMBA:schema_mode = rfc2307
>> idmap config SAMBA:range = 1000000-5000000
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>> winbind nss info = rfc2307
>
> You might as well remove the above lines, they are not doing anything.
>
I added these because the wiki page
https://wiki.samba.org/index.php/RFC2307_backend#Using_Winbindd_on_a_Samba_DC
specifically states that these settings are needed.
What range is used for uids for
>>
>> idmap_ldb:use rfc2307 = yes
>>
>> winbind trusted domains only = no
>> winbind use default domain = no
>> winbind enum users = yes
>> winbind enum groups = yes
>
> and the above 4 lines
>
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/samba.xxxxxxx.xx.xx/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> nsswitch.conf has
>> passwd: files winbind
>> group: files winbind
>>
>> Thanks
>>
>> Mike
>
> Rowland