[Samba] Validate Ids Multiple DC
L.P.H. van Belle
belle at bazuin.nl
Fri Jan 29 16:07:12 UTC 2016
Ah..
A misunderstanding.. i dont pull from ldap. I abuse settings.
I use UID/GID from AD, only the UID/GID, dont really care about the others.
But i do obey some rules.. i'll explain.
This on the DC:
getent passwd obell
myuser:*:10002:10000:L.P.H. van Belle:/home/users/ myuser:/bin/bash
Its bit diffent on the member.
getent passwd myuser
myuser:*:10002:10000::/home/users/ myuser:/bin/bash
but ! on the member running only
getent passwd | grep myuser ( results same again as the DC )
myuser:*:10002:10000:L.P.H. van Belle:/home/users/ myuser:/bin/bash
how/why, dont really know, but it works perfect..
and only thing i make sure is that the in AD the Unix in is always same
what i set in the server.
Which means only 1 ! user homedir
And thats why i have :
template shell = /bin/bash
template homedir = /home/users/%U
All my users user homedir /home/users/%U
If you need to seperate that, well then above probely wont work.
And the users share/folders are good protected so nobody can walk through userdirs.. not even root, if not kerberos authenticated.
Now im really gone...
Beer time..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: vrijdag 29 januari 2016 16:44
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Validate Ids Multiple DC
>
> On 29/01/16 15:29, L.P.H. van Belle wrote:
> > Lol...
> > I dont know.. and i did learn know most from you :-P
>
> I could never get a DC to use any rfc2307 attributes other than the
> uidNumber & gidNumber, even after 'winbind' was replaced by 'winbindd'.
> I even created a bug report about it.
> >
> > And you have reset the idmap?
>
> If you mean remove rowland's record from idmap.ldb, then no, hang on I
> will go and try it.
>
> OK, back again, rowland's record never made it into idmap.ldb, so we can
> rule that out.
>
> Rowland
>
> >
> > Greetz,
> >
> > .. hihi...
> >
> > Louis
> >
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list