[Samba] Password changes and syncing passwords with Linux accounts
lists at oak-wood.co.uk
Tue Feb 16 14:07:27 UTC 2016
On 16/02/2016 13:06, Rowland penny wrote:
> This is one of the reasons why it is not recommended to use the DC as a
> fileserver. On a Unix domain member you can use the unixHomeDirectory
> and loginShell attributes, but on a DC these are ignored, so you need to
> set the 'template' lines in smb.conf. The only problem is that you
> cannot have different settings per user.
That's a shame. Perhaps I'll get around to migrating the DC elsewhere
one day, but for now it's going to have to stay.
> Try: template homedir = /home/%ACCOUNTNAME%
That's done the trick, thanks.
> If wbinfo and getent are showing duplicate users (note:
> 'MYDOMAIN\chris' and 'chris' will be treated as the same user), check if
> the user exists in /etc/passwd and if it does, remove it from /etc/passwd.
Even after removing the users from /etc/passwd I still see two
MYDOMAIN\chris entries. What's more there is an LDAP entry with CN=chris
and another with CN=MYDOMAINchris. If I delete the latter getent returns
only one user MYDOMAIN\chris. But as soon as I log in again on a
terminal the duplicate user reappears, as does the cn=MYDOMAINchris in LDAP.
Another issue is that having now successfully logged in using the
credentials for chris I seem to be viewed as being MYDOMAIN\chris. This
is a problem at the very least because MYDOMAIN\chris is not in all the
groups that chris is. As he is not in admin, I can't sudo.
More information about the samba