[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

Sketch smblist at rednsx.org
Wed Sep 16 13:24:14 UTC 2015

On Wed, 16 Sep 2015, L.P.H. van Belle wrote:

> When the user log in for the first time, a local user is created in 
> /etc/passwd and primary group created in /etc/group, and a local home 
> directory is created in /home. This is useful on roaming computers when 
> the password is set up to be cached by for example libpam-ccreds or sssd 
> to allow login without network connectivity using the password provided 
> by a network authentication service like Kerberos or LDAP.

This sounds like a byzantine hack bound to cause issues down the road 
(password synchronization anyone?), unless the goal is to log them into 
the domain once just to clone their user account onto the local machine.

You mention sssd, but one of the features of sssd (like winbind) is to 
cache login credentials for later offline login.  I'm not sure about 
winbind, since I don't use it, but sssd has configuration options to let 
you set credential lifetimes, which could be useful if you need long 
offline login periods for laptops.  You may also need to need to modify 
the kerberos ticket lifetimes in /etc/krb5.conf if you want to cache 
kerberos credentials for long periods of time.

More information about the samba mailing list