[Samba] Man page for idmap_rid
James B. Byrne
byrnejb at harte-lyne.ca
Fri Aug 12 20:46:03 UTC 2016
On Wed, August 10, 2016 11:47, Rowland Penny wrote:
>> 1. Logon to AD from a Windows OS domain member. User obtains UID,
>> GID from LDAP but ignores shell (there is no alternative to
>> on the client) and the home directory (which is the USERS home drive
>> share or local drive in any case).
> No, it is only if you log into the DC that you only get the IDs,
> anywhere else and you can use the RFC2307 attributes if they are set.
Got it. Thanks.
>> 2. Logon to AD from a *NIX OS domain member. User obtains UID, GID,
>> shell, and home directory path from AD.
> Sort of, it all depends on how smb.conf on the domain member is set
> If you want to obtain the info from AD, it must be in AD and Samba
> must be set up to get it.
> Try reading this wiki page:
>> Is there a reference as to how UNIX hosts are added to the Domain
> That is on the wiki page, but it fairly simple, set up the host
> correctly including smb.conf and then run:
> net ads join -U Administrator
>> (SSSD?) or is that unnecessary?
> The only place where you may need sssd, is on a DC and then only
> if you want to use it as a fileserver along with using the
> RFC2307 attributes stored in AD.
>> I ask because one of my goals is to
>> implement a single sign-on for our Unix host users via the Samba AD.
> If you mean storing your Unix users in AD and then allowing them to
> login to Unix machines that are joined to the domain, then this is
> very possible. The users home directories don't have to exist, you can
> set PAM to create these at login.
>> These machines come and go but not with any great frequency. Many
>> themselves virtualised. Most are accessed via ssh or using OPENVPN
>> (which will be certificate based anyway).
>> I am hoping that adding the PAM AD authentication will alleviate
>> of the tediousness of setting up temporary hosts for an unknown
>> of users. Respecting which, are there references to any scripts
>> can be run to automatically set-up a user's home directory upon
>> login to an AD authenticated *NIX host?
> You do this by adding this line to /etc/pam.d/common-account
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
Thank you for this. You have been most helpful.
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
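As an added illustration of the steps Rowland describes above (an smb.conf set up to read the RFC2307 attributes from AD, then `net ads join`, then a pam_mkhomedir session line), and not code from this thread or from the Samba project: a POSIX shell script that writes a minimal domain-member smb.conf and checks that the default `idmap config *` range and the domain's range are disjoint before the join is attempted, since overlapping ranges are a common misconfiguration that the idmap_ad documentation forbids. The workgroup SAMDOM, the realm, the ID ranges and the PAM file path are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or the Samba project.
# Renders a minimal smb.conf for a Unix domain member that takes uidNumber,
# gidNumber, loginShell and unixHomeDirectory from AD (RFC2307 schema), then
# verifies the idmap ranges do not overlap. SAMDOM and the ranges are
# assumed placeholders.

# write_member_smbconf DEST WORKGROUP REALM
write_member_smbconf() {
    cat > "$1" <<EOF
[global]
    workgroup = $2
    realm = $3
    security = ADS
    # Default backend for SIDs without an AD mapping (BUILTIN, local SIDs)
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    # Our domain: IDs come from the RFC2307 attributes stored in AD
    idmap config $2 : backend = ad
    idmap config $2 : schema_mode = rfc2307
    idmap config $2 : range = 10000-999999
    # Shell and home directory also come from AD instead of the template
    winbind nss info = rfc2307
    winbind use default domain = yes
    template shell = /bin/bash
EOF
}

# idmap_range FILE KEY -> prints "low high" for "idmap config KEY : range"
# String comparison in awk avoids regex trouble with the "*" key.
idmap_range() {
    awk -F'=' -v key="idmap config $2 : range" '
        {
            k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (k == key) {
                v = $2; gsub(/[ \t]/, "", v)
                split(v, r, "-"); print r[1], r[2]
            }
        }' "$1"
}

# ranges_overlap LOW1 HIGH1 LOW2 HIGH2 -> exit 0 if the two ranges intersect
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_idmap FILE WORKGROUP -> 0 if both ranges are present and disjoint,
# 1 if they overlap, 2 if either range is missing
check_idmap() {
    def_range=$(idmap_range "$1" '*')
    dom_range=$(idmap_range "$1" "$2")
    [ -n "$def_range" ] && [ -n "$dom_range" ] || return 2
    # shellcheck disable=SC2086  (word splitting into low/high is intended)
    if ranges_overlap $def_range $dom_range; then
        echo "idmap ranges overlap: * [$def_range] vs $2 [$dom_range]" >&2
        return 1
    fi
    return 0
}

# Demonstration: render the config to a temp file and validate it. The join
# itself and the PAM edit are only printed as the next manual steps.
demo() {
    tmp=$(mktemp)
    write_member_smbconf "$tmp" SAMDOM SAMDOM.EXAMPLE.COM
    if check_idmap "$tmp" SAMDOM; then
        echo "idmap ranges OK; next steps on the member host:"
        echo "  net ads join -U Administrator"
        echo "  add to the PAM session stack (e.g. /etc/pam.d/common-session):"
        echo "    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022"
    fi
    rm -f "$tmp"
}
demo
```

Run `testparm` on the generated file as well; it reports syntax problems the range check does not cover.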