[Samba] setup-sysvol-bidirectional.sh unable to id administrator
L.P.H. van Belle
belle at bazuin.nl
Mon Apr 4 14:00:02 UTC 2016
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sketch
> Verzonden: maandag 4 april 2016 15:53
> Aan: mathias dufresne
> CC: samba
> Onderwerp: Re: [Samba] setup-sysvol-bidirectional.sh unable to id
> administrator
>
> On Mon, 4 Apr 2016, mathias dufresne wrote:
>
> > I expect Winbind on DC do NOT retrieve home dir, by design.
> >
> > DC are not meant to be used by AD users, no session from standard users
> on
> > DC, never.
>
> While I agree that it is best practice not to allow user logins onto an
> authentication server, I'd still consider this a bug/missing feature.
> Linux is not Windows. I don't think we should inherit limitations from
> Windows just bceause they have them. Also note that limitations in
> winbind are what prevents a fileserver from running on a DC, and that _is_
> possible on Windows.
>
> --
I dont have any problems with users to allow login onto an authentication server.
I just dont allow UID 0 ! ever to login anywhere.
... and on a DC administrator = UID 0
See:
id administrator
uid=0(root) .. and lots more groups here..
> I don't think we should inherit limitations from
> Windows just bceause they have them. Also note that limitations in
> winbind are what prevents a fileserver from running on a DC, and that _is_
> possible on Windows.
You can run Samba as DC as File server also, its just not recommended.
So no limitations here.
Greetz,
Louis
More information about the samba
mailing list