[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

Sketch smblist at rednsx.org
Wed Sep 16 13:24:14 UTC 2015


On Wed, 16 Sep 2015, L.P.H. van Belle wrote:

> When the user logs in for the first time, a local user is created in 
> /etc/passwd and primary group created in /etc/group, and a local home 
> directory is created in /home. This is useful on roaming computers when 
> the password is set up to be cached by for example libpam-ccreds or sssd 
> to allow login without network connectivity using the password provided 
> by a network authentication service like Kerberos or LDAP.

This sounds like a byzantine hack bound to cause issues down the road 
(password synchronization anyone?), unless the goal is to log them into 
the domain once just to clone their user account onto the local machine.

You mention sssd, but one of the features of sssd (like winbind) is to 
cache login credentials for later offline login.  I'm not sure about 
winbind, since I don't use it, but sssd has configuration options to let 
you set credential lifetimes, which could be useful if you need long 
offline login periods for laptops.  You may also need to modify 
the Kerberos ticket lifetimes in /etc/krb5.conf if you want to cache 
Kerberos credentials for long periods of time.
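
The sssd and krb5.conf lifetime settings mentioned above, shown as an added configuration sketch that is not part of the original post. The domain name EXAMPLE.COM and all numeric values are assumptions chosen for illustration; the option names are from sssd.conf(5), sssd-krb5(5) and krb5.conf(5).

```ini
# /etc/sssd/sssd.conf (constructed example, mode 0600, owner root)
[sssd]
services = nss, pam
domains = example.com

[pam]
# Days a cached credential stays valid for offline login.
# The default of 0 means no limit, so a lost laptop keeps accepting
# the cached password indefinitely. Bound it to the longest expected
# offline period.
offline_credentials_expiration = 14
# Limit offline password guessing against the local cache
# (default 0 = unlimited attempts); delay is in minutes.
offline_failed_login_attempts = 5
offline_failed_login_delay = 10

[domain/example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
# Take uidNumber, unixHomeDirectory and loginShell from AD
# instead of generating them locally.
ldap_id_mapping = False
# Store a salted hash of the password locally for offline login.
cache_credentials = True
# Days a cached account entry is kept after the last successful
# online login. Must be >= offline_credentials_expiration.
account_cache_expiration = 30
# Ticket lifetimes requested by sssd at login; the KDC policy
# still caps what is actually issued.
krb5_lifetime = 10h
krb5_renewable_lifetime = 7d
krb5_renew_interval = 1h

# /etc/krb5.conf (constructed example), for kinit and other clients
[libdefaults]
default_realm = EXAMPLE.COM
ticket_lifetime = 10h
renew_lifetime = 7d
```

A cached Kerberos ticket is not what permits offline login; that is the password hash kept by `cache_credentials`, so the two lifetimes are tuned separately.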


