[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC
L.P.H. van Belle
belle at bazuin.nl
Wed Sep 16 11:32:02 UTC 2015
Yeah, Rowland did say that also.
That part, "use the DC for all", I didn't know..
About the laptop users. I was thinking about this.
http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html
and/or
http://labs.opinsys.com/blog/2010/03/26/user-management-with-sssd-on-shared-laptops/
and I have to look into
http://www.datastat.com/sysadminjournal/netware/lum.html
I know Novell as of 3.x to 6.5..
The best "directory service" is from Novell in my opinion still..
Especially with ZenWorks.. very cool stuff.
But... I didn't have the time yet to investigate this.
For now I set up my laptop users to use offline files, and they do log in on the domain (without the domain presence), with cached Windows login.
It works, as long as they don't reboot, and this also only works well with
Samba 4 shares.
In time we will learn more about it.
First now is my network move from 3 domains to 1.. on a running network... :-/
A hell of its own, and this I'm doing alone.. getting grey hair from it..
and I'm not joking here.. and for the funny guys.. yeah.. I'm getting old. ;-)
but I'm still having fun with my work and IT related stuff :-)
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Lars Hanke
> Sent: Wednesday 16 September 2015 13:02
> To: samba at lists.samba.org
> Subject: Re: [Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC
>
>
> >> I asked Jim directly for some extra info, since I'm lost in the thread.
> >> As I understand, he needs "local" and AD users.
> > I don't think this is going to work Louis :-)
> >
> > The OP wants to use the DC for everything, as a fileserver and
> > authentication etc. So if he was to use what you are suggesting, when AD
> > user 'fred' first logs into the DC, an attempt to create a local user
> > called 'fred' would be attempted and I don't think it would happen. I
> > think it would error out with something like 'user already exists'.
>
> This is possible in principle using nslcd - and it should be with
> winbind as well. When libnss cannot contact ldap, it can fall back to
> local files. An option which I considered for notebooks, but I dropped
> it since it is confusing:
>
> * it would also fall back to local shadow of course,
> * you'd have to somehow sync group memberships to local files,
> * perhaps the very users as well,
> * and still lack any SSO benefits. (you're offline to begin with :) )
>
> So it should be considered thoroughly why this is required and whether
> there are other ways to achieve those goals.
>
> Regards,
> - lars.
>
>