[Samba] unixHomeDirectory, loginShell, etc. on Samba4 AD DC

Harry Jede walk2sun at arcor.de
Wed Sep 16 15:22:29 UTC 2015


On 17:07:40 wrote L.P.H. van Belle:
> On this subject..
> I asked Jim directly for some extra info, since im lots in the
> thread.
> 
> As i understand he needs a "local" and Ad users.
> 
> Maybe this is usefull
> 
> libpam-mklocaluser
> 
> When the user log in for the first time, a local user is created in
> /etc/passwd and primary group created in /etc/group, and a local
> home directory is created in /home. This is useful on roaming
> computers when the password is set up to be cached by for example
> libpam-ccreds or sssd to allow login without network connectivity
> using the password provided by a network authentication service like
> Kerberos or LDAP.
> 
> And some extra info on this
> http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html
Not each working solution should be used. This document descripes
one potentaly dangerous solution.
* LDAP_TLS_REQCERT = never * and * LDAP_URI = ldap://ldap *

These combined settings tells your local ldap libs to communicate
unencryted with your AD server. This happens in all networks, trusted
or untrusted.

> Greetz,
> 
> Louis

-- 

Regards
	Harry Jede


More information about the samba mailing list