[Samba] Password changes and syncing passwords with Linux accounts
rpenny at samba.org
Tue Feb 16 13:06:37 UTC 2016
On 16/02/16 12:38, Chris Hastie wrote:
> On 16/02/16 09:32, Rowland penny wrote:
>> I would suggest that you start here:
>> Some of the info is also applicable if you use a DC as a fileserver
>> and you will have to click on links to get the full info.
> OK. I've done my best to try and understand this. I presume that as
> the machine is the AD-DC it's already a member of the AD. A key point
> seemed to be nsswitch.conf, which I have changed. Now getent passwd
> does return all the domain accounts, but all the login shells are
> returned as /bin/false and home directories as /home/MYDOMAIN/someuser
This is one of the reasons why it is not recommended to use the DC as a
fileserver. On a Unix domain member you can use the unixHomeDirectory
and loginShell attributes, but on a DC these are ignored, so you need to
set the 'template' lines in smb.conf. The only problem is that you
cannot have different settings per user.
> This is despite the fact that looking directly at the LDAP records my
> own account says loginShell /bin/bash and unixHomeDirectory
> /home/chris. An attempt to login fails because "Could not chdir to
> home directory /home/MYDOMAIN/chris: No such file or directory" (I'm
> actually surprised it wasn't the /bin/false that was the deciding factor)
> template homedir = /home/%U
> template shell = /bin/bash
> gets the shell to /bin/bash, but for everyone. But the home directory
> for all users becomes /home/%U, ie no substitution of %U is done. How
> can I get the shells and home directories to be returned as desired?
Try: template homedir = /home/%ACCOUNTNAME%
> Also, the username is always preceded by MYDOMAIN\. Oddly as well,
> wbinfo -u includes both a 'chris' and a 'MYDOMAIN\chris', and getent
> passwd returns two separate MYDOMAIN\chris lines. Whether this is a
> problem I don't know, but there doesn't seem much point in going
> further until I can at least see sensible shells and home directories.
If wbinfo and getent are showing duplicate users (note:
'MYDOMAIN\chris' and 'chris' will be treated as the same user), check if
the user exists in /etc/passwd and if it does, remove it from /etc/passwd.
More information about the samba