[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

Lars Hanke debian at lhanke.de
Tue Sep 15 20:21:55 UTC 2015

Hi Jim,

I actually use krb5 / nslcd to authenticate to samba4 DC. Works nicely. 
Don't remember which trouble I finally had with sssd. winbind just 
sucked - you never knew whether it would heed rfc2307 on a new installation.

nslcd can authenticate itself to AD using a Kerberos keytab, however 
k5start is buggy. I have a patch for it. :)

So I have consistent uid/gid on all Linux clients. Consistent SID on all 
Win clients, including cifs shares. A unique password, which can be 
changed from either client.

You can use Win Tools to manage accounts, and I wrote some tools to do 
the same from Linux.

You can use the same groups on Win and Linux. What you can't have is 
Windows ACL set on a CIFS based access to take effect on NFS based 
access to the same share. But this should be clear. Still POSIX access 
control takes effect for samba based file servers.

So, if you don't need more than that "having both an AD and Unix login 
having the same username" is possible. Otherwise I'm not sure what you 
mean by having a Unix login and something else for a network user on a 
Unix based system.

  - lars.
