[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

L.P.H. van Belle belle at bazuin.nl
Wed Sep 16 11:32:02 UTC 2015


Yeah, Rowland did say that also.

That part, "use the DC for all", I didn't know..

About the laptop users. I was thinking about this.
http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html
and/or 
http://labs.opinsys.com/blog/2010/03/26/user-management-with-sssd-on-shared-laptops/ 
and I have to look into
http://www.datastat.com/sysadminjournal/netware/lum.html
I know Novell as of 3.x to 6.5.. 
The best "directory service" is from Novell in my opinion still.. 
Especially with ZenWorks.. very cool stuff.

But... I didn't have the time yet to investigate this.

For now I set up my laptop users to use offline files, and they do log in on the domain (without the domain presence), with cached Windows login.
It works, as long as they don't reboot, and this also only works well with
Samba 4 shares.

In time we will learn more about it.
First now is my network move from 3 domains to 1.. on a running network... :-/
A hell of its own, and this I'm doing alone.. getting grey hair from it..
and I'm not joking here.. and for the funny guys.. yeah.. I'm getting old. ;-)
But I'm still having fun with my work and IT related stuff :-)


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Lars Hanke
> Sent: Wednesday 16 September 2015 13:02
> To: samba at lists.samba.org
> Subject: Re: [Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC
> 
> 
> >> I asked Jim directly for some extra info, since I'm lost in the thread.
> >> As I understand he needs "local" and AD users.
> > I don't think this is going to work Louis :-)
> >
> > The OP wants to use the DC for everything, as a fileserver and
> > authentication etc. So if he was to use what you are suggesting, when AD
> > user 'fred' first logs into the DC, an attempt to create a local user
> > called 'fred' would be attempted and I don't think it would happen. I
> > think it would error out with something like 'user already exists'.
> 
> This is possible in principle using nslcd - and it should be with
> winbind as well. When libnss cannot contact ldap, it can fall back to
> local files. An option which I considered for notebooks, but I dropped
> it since it is confusing:
> 
> * it would also fall back to local shadow of course,
> * you'd have to somehow sync group memberships to local files,
> * perhaps the very users as well,
> * and still lack any SSO benefits. (you're offline to begin with :) )
> 
> So it should be considered thoroughly why this is required and whether
> there are other ways to achieve those goals.
> 
> Regards,
>   - lars.
> 
> 