[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

L.P.H. van Belle belle at bazuin.nl
Wed Sep 16 06:37:11 UTC 2015

What you're saying here, below, is what I'm doing with samba and winbind only,
and it works great.

You're saying winbind sucks; that's your interpretation of you not figuring out
the correct settings, in my opinion.

Things I use:
Samba, winbind, squid-proxy, apache single Sign On, ssh logins with kerberos, nfs4 kerberized, postfix with ldap.
And proxy, apache, ssh all use the winbind auth and/or kerberos auth.

So IF you have problems setting up samba, don't blame samba; it's not always easy to set up. I did about a year of testing before going into production with this and I'm still tuning the setup.
This is not because of a "bad" product, but because of the amount of settings you can do, and I also don't know everything, and for that I'm very happy with all
the helpful people here on the samba list. None of the lists I'm on (maybe the postfix list) is as active and helpful as the samba list.

And if you keep a "correct" order of installation, you will always have a good working samba, really always; this is why I refer to my scripts.
And this is also why Marc Muehlfeld is working hard on wiki changes.
And set up like my scripts and it just works; maybe some settings are discussable, but it's a good starting point.



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Lars Hanke
> Sent: Tuesday, 15 September 2015 22:22
> To: samba at lists.samba.org
> Subject: Re: [Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC
>
> Hi Jim,
> I actually use krb5 / nslcd to authenticate to samba4 DC. Works nicely.
> Don't remember which trouble I finally had with sssd. winbind just
> sucked - you never knew whether it would heed rfc2307 on a new
> installation.
> nslcd can authenticate itself to AD using a kerberos keytab, however
> k5start is buggy. I have a patch for it. :)
> So I have consistent uid/gid on all Linux clients. Consistent SID on all
> Win clients, including cifs shares. A unique password, which can be
> changed from either client.
> You can use Win Tools to manage accounts, and I wrote some tools to do
> the same from Linux.
> You can use the same groups on Win and Linux. What you can't have is
> windows ACL set on a CIFS based access to take effect on NFS based
> access to the same share. But this should be clear. Still POSIX access
> control takes effect for samba based file servers.
> So, if you don't need more than that "having both an AD and Unix login
> having the same username" is possible. Otherwise I'm not sure what you
> mean by having a Unix login and something else for a network user on a
> Unix based system.
> Regards,
>   - lars.