[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
rpenny at samba.org
Tue Jul 11 12:40:02 UTC 2017
On Tue, 11 Jul 2017 14:19:09 +0200
"Stefan G. Weichinger" <lists at xunil.at> wrote:
> Am 2017-07-11 um 14:00 schrieb Rowland Penny:
> >> template homedir = /home/%U
> >> works for me in this context, right?
> > That should work.
> edited accordingly, and rm-ed that idmap schema line on DM.
> I now have on the DM:
> workgroup = BUERO
> realm = secret.AT
> netbios name = SERVER
> security = ADS
> map to guest = Bad User
> username map = /etc/samba/smbusers
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
> winbind trusted domains only = no
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> # Use settings from AD for login shell and home directory
> winbind nss info = template
> template shell = /usr/sbin/nologin
> template homedir = /mnt/samba/Daten/%U
> map untrusted to domain = Yes
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> # idmap config for domain BUERO
> idmap config BUERO:backend = rid
> idmap config BUERO:range = 10000-99999
> load printers = no
> printing = bsd
> printcap name = /dev/null
> # turn off roaming profiles
> logon path = ""
> logon home = ""
> #hosts allow = localhost 192.168.16. 172.32.99.
> log level = 3
> Restarted winbind, did "killall -HUP" on smbd and nmbd.
> still can't login to DM via smbclient and that mentioned user.
> I assume I need to restart all the smbd daemons ... ?
Well, you wouldn't be able to, would you, what with having this in
template shell = /usr/sbin/nologin
The bit on the end sort of gives it away ;-)
Try changing it to this:
template shell = /bin/bash
More information about the samba