[Samba] Validate Ids Multiple DC

L.P.H. van Belle belle at bazuin.nl
Fri Jan 29 16:07:12 UTC 2016


Ah.. 
A misunderstanding..  i dont pull from ldap. I abuse settings.  

I use UID/GID from AD, only the UID/GID, dont really care about the others. 
But i do obey some rules.. i'll explain. 

This on the DC: 
getent passwd obell
myuser:*:10002:10000:L.P.H. van Belle:/home/users/ myuser:/bin/bash

Its bit diffent on the member. 
getent passwd myuser
myuser:*:10002:10000::/home/users/ myuser:/bin/bash

but ! on the member running only 
getent passwd | grep myuser ( results same again as the DC ) 
myuser:*:10002:10000:L.P.H. van Belle:/home/users/ myuser:/bin/bash

how/why, dont really know, but it works perfect.. 

and only thing i make sure is that the in AD the Unix in is always same
what i set in the server. 
Which means only 1 ! user homedir 
And thats why i have : 

        template shell = /bin/bash
        template homedir = /home/users/%U

All my users user homedir /home/users/%U 
If you need to seperate that, well then above probely wont work. 

And the users share/folders are good protected so nobody can walk through userdirs..  not even root, if not kerberos authenticated. 



Now im really gone...  
Beer time..  

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: vrijdag 29 januari 2016 16:44
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Validate Ids Multiple DC
> 
> On 29/01/16 15:29, L.P.H. van Belle wrote:
> > Lol...
> > I dont know.. and i did learn know most from you :-P
> 
> I could never get a DC to use any rfc2307 attributes other than the
> uidNumber & gidNumber, even after 'winbind' was replaced by 'winbindd'.
> I even created a bug report about it.
> >
> > And you have reset the idmap?
> 
> If you mean remove rowland's record from idmap.ldb, then no, hang on I
> will go and try it.
> 
> OK, back again, rowland's record never made it into idmap.ldb, so we can
> rule that out.
> 
> Rowland
> 
> >
> > Greetz,
> >
> > .. hihi...
> >
> > Louis
> >
> >
> >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list