[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC
Lars Hanke
debian at lhanke.de
Tue Sep 15 20:21:55 UTC 2015
Hi Jim,
I actually use krb5 / nslcd to authenticate to samba4 DC. Works nicely.
Don't remember which trouble I finally had with sssd. winbind just
sucked - you never knew whether it would heed rfc2307 on a new installation.
nslcd can authenticate itself to AD using a kerberos keytab, however
k5start is buggy. I have a patch for it. :)
So I have consistent uid/gid on all Linux clients. Consistent SID on all
Win clients, including cifs shares. A unique password, which can be
changed from either client.
You can use Win Tools to manage accounts, and I wrote some tools to do
the same from Linux.
You can use the same groups on Win and Linux. What you can't have is
windows ACL set on a CIFS based access to take effect on NFS based
access to the same share. But this should be clear. Still POSIX access
control takes effect for samba based file servers.
So, if you don't need more than that "having both an AD and Unix login
having the same username" is possible. Otherwise I'm not sure what you
mean by having a Unix login and something else for a network user on a
Unix based system.
Regards,
- lars.
More information about the samba
mailing list