[Samba] Password changes and syncing passwords with Linux accounts

Tue Feb 16 12:53:24 UTC 2016

What you have done is correct. 

If the server your talking about is ADDC, then what you did with the templates is correct the solution.  

Only the memberservers use the AD/LDAP to get the shell and homedir. 

So if you have split up you homedir folder in multiple folders, wel, merge it to one or keep only the users which are allowed to login with ssh
in /home/usersname. 

For this reason i use  the following layout. 
/home/users/MyUsers  for all AD users
/home/Myusers for normal linux users. 

'chris' and a 'MYDOMAIN\chris'
Im guessing you added a user "chris" in /etc/passwd 
and 'MYDOMAIN\chris' is the user in the AD. 

Remove the chris from /etc/passwd, and create for example, admchris as backup account for logins. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Chris Hastie
> Verzonden: dinsdag 16 februari 2016 13:38
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Password changes and syncing passwords with Linux
> accounts
> 
> On 16/02/16 09:32, Rowland penny wrote:
> > I would suggest that you start here:
> >
> > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
> >
> > Some of the info is also applicable if you use a DC as a fileserver
> > and you will have to click on links to get the full info.
> 
> OK. I've done my best to try and understand this. I presume that as the
> machine is the AD-DC it's already a member of the AD. A key point seemed
> to be nsswitch.conf, which I have changed. Now getent passwd does return
> all the domain accounts, but all the login shells are returned as
> /bin/false and home directories as /home/MYDOMAIN/someuser
> 
> This is despite the fact that looking directly at the LDAP records my
> own account says loginShell /bin/bash and unixHomeDirectory /home/chris.
> An attempt to login fails because "Could not chdir to home directory
> /home/MYDOMAIN/chris: No such file or directory" (I'm actually surprised
> it wasn't the /bin/false that was the deciding factor)
> 
> Using
>      template homedir = /home/%U
>      template shell = /bin/bash
> 
> gets the shell to /bin/bash, but for everyone. But the home directory
> for all users becomes /home/%U, ie no substitution of %U is done. How
> can I get the shells and home directories to be returned as desired?
> 
> Also, the username is always preceded by MYDOMAIN\. Oddly as well,
> wbinfo -u includes both a 'chris' and a 'MYDOMAIN\chris', and getent
> passwd returns two separate MYDOMAIN\chris lines. Whether this is a
> problem I don't know, but there doesn't seem much point in going further
> until I can at least see sensible shells and home directories.
> 
> cheers
> 
> Chris
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba