[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

Lars Hanke debian at lhanke.de
Wed Sep 16 11:02:28 UTC 2015

>> I asked Jim directly for some extra info, since I'm lost in the thread.
>> As I understand, he needs "local" and AD users.
> I don't think this is going to work Louis :-)
> The OP wants to use the DC for everything, as a fileserver and
> authentication etc. So if he was to use what you are suggesting, when AD
> user 'fred' first logs into the DC, an attempt to create a local user
> called 'fred' would be attempted and I don't think it would happen. I
> think it would error out with something like 'user already exists'.

This is possible in principle using nslcd - and it should be with 
winbind as well. When libnss cannot contact ldap, it can fall back to 
local files. An option which I considered for notebooks, but I dropped 
it since it is confusing:

* it would also fall back to local shadow of course,
* you'd have to somehow sync group memberships to local files,
* perhaps the very users as well,
* and still lack any SSO benefits. (you're offline to begin with :) )

So it should be considered thoroughly why this is required and whether 
there are other ways to achieve those goals.

  - lars.
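
Added example, not part of the original message: a small Python audit of an nsswitch.conf that lists which local sources still answer passwd, group and shadow lookups when the directory source is unreachable, which is the fallback described above. The sample configuration is constructed, and the function names `parse` and `offline_sources` are this example's own.

```python
import re

DIRECTORY = {"ldap", "winbind"}  # NSS sources named in the post (nslcd serves "ldap")
STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")

# Constructed sample, not taken from any real host.
SAMPLE = """\
passwd: ldap files
group:  ldap [UNAVAIL=return] files
shadow: ldap files   # local shadow answers when LDAP is down
"""

def parse(text):
    """Map database -> [(source, {status: action}), ...] in lookup order."""
    dbs = {}
    for line in text.splitlines():
        db, sep, rest = line.split("#", 1)[0].partition(":")
        if not sep:
            continue
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not tok.startswith("["):
                # glibc defaults: stop on SUCCESS, otherwise try the next source
                chain.append((tok, {**dict.fromkeys(STATUSES, "continue"), "SUCCESS": "return"}))
            elif chain:  # an action list applies to the source before it
                for item in tok.strip("[]").split():
                    status, _, action = item.upper().partition("=")
                    # "!STATUS" means every status except the named one
                    hit = [s for s in STATUSES if s != status[1:]] if status[:1] == "!" else [status]
                    for s in hit:
                        chain[-1][1][s] = action.lower()
        dbs[db.strip()] = chain
    return dbs

def offline_sources(text, databases=("passwd", "group", "shadow")):
    """Local sources still consulted when every directory source is UNAVAIL."""
    report = {}
    for db, chain in parse(text).items():
        if db not in databases:
            continue
        reached = []
        for source, actions in chain:
            down = source in DIRECTORY
            if not down:
                reached.append(source)
            # an unreachable directory yields UNAVAIL; a local miss yields NOTFOUND
            if actions["UNAVAIL" if down else "NOTFOUND"] == "return":
                break
        report[db] = reached
    return report
```

For the constructed sample, `offline_sources(SAMPLE)` reports that passwd and shadow fall back to local files while group does not, so an offline login would resolve the user from local data without its directory group memberships.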

