[Samba] Man page for idmap_rid
rpenny at samba.org
Wed Aug 10 07:59:18 UTC 2016
On Tue, 9 Aug 2016 22:22:55 -0400
"James B. Byrne via samba" <samba at lists.samba.org> wrote:
> On Tue, August 9, 2016 14:00, Rowland Penny wrote:
> > That was the old way, if you are using AD, you do not need Unix
> > users in /etc/passwd and in fact, you should not have users in
> > both /etc/passwd and AD.
> > To make an AD user a Unix user, either add RFC2307 attributes to the
> > users object in AD and then use the winbind 'ad' backend, or use the
> > 'rid' backend, in which case you do not have to add anything to AD.
> I have zero experience with this so my question may appear fairly
> naive. What about user home directories and shells on *NIX hosts
> other than the AD-DC? I read somewhere that user UNIX Attributes
> other than UID and GID are not implemented in Samba.
> My use-case would be sshd session authentication on a remote host
> using an AD-DC PAM module.
I think you have misunderstood this, if you use a Samba AD DC as a
fileserver, then winbindd only uses the uidNumber & gidNumber
attributes. On a Unix domain member, winbindd will use all available
RFC2307 attributes, including loginShell & unixHomeDirectory.
More information about the samba