[Samba] Password changes and syncing passwords with Linux accounts

Chris Hastie lists at oak-wood.co.uk
Tue Feb 16 14:07:27 UTC 2016

On 16/02/2016 13:06, Rowland penny wrote:
> This is one of the reasons why it is not recommended to use the DC as a
> fileserver. On a Unix domain member you can use the unixHomeDirectory
> and loginShell attributes, but on a DC these are ignored, so you need to
> set the 'template' lines in smb.conf. The only problem is that you
> cannot have different settings per user.

That's a shame. Perhaps I'll get around to migrating the DC elsewhere 
one day, but for now it's going to have to stay.

> Try: template homedir = /home/%ACCOUNTNAME% 

That's done the trick, thanks.
> If  wbinfo and getent are showing duplicate users (note:
> 'MYDOMAIN\chris' and 'chris' will be treated as the same user), check if
> the user exists in /etc/passwd and if it does, remove it from /etc/passwd.
Even after removing the users from /etc/passwd I still see two 
MYDOMAIN\chris entries. What's more there is an LDAP entry with CN=chris 
and another with CN=MYDOMAINchris. If I delete the latter getent returns 
only one user MYDOMAIN\chris. But as soon as I log in again on a 
terminal the duplicate user reappears, as does the cn=MYDOMAINchris in LDAP.

Another issue is that having now successfully logged in using the 
credentials for chris I seem to be viewed as being MYDOMAIN\chris. This 
is a problem at the very least because MYDOMAIN\chris is not in all the 
groups that chris is. As he is not in admin, I can't sudo.



More information about the samba mailing list