[Samba] Samba ADS-member-server: FQDNs in /etc/hosts

Rowland Penny rpenny at samba.org
Tue Jul 11 12:40:02 UTC 2017


On Tue, 11 Jul 2017 14:19:09 +0200
"Stefan G. Weichinger" <lists at xunil.at> wrote:

> On 2017-07-11 at 14:00, Rowland Penny wrote:
> 
> >> template homedir = /home/%U
> >>
> >> works for me in this context, right?
> > 
> > That should work.
> 
> edited accordingly, and rm-ed that idmap schema line on DM.
> 
> I now have on the DM:
> 
> [global]
> workgroup = BUERO
> realm = secret.AT
> netbios name = SERVER
> 
> security = ADS
> map to guest = Bad User
> username map = /etc/samba/smbusers
> 
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
> 
> winbind trusted domains only = no
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> 
> # Use settings from AD for login shell and home directory
> winbind nss info = template
> template shell = /usr/sbin/nologin
> template homedir = /mnt/samba/Daten/%U
> 
> map untrusted to domain = Yes
> 
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> 
> # idmap config for domain BUERO
> idmap config BUERO:backend = rid
> idmap config BUERO:range = 10000-99999
> 
> load printers = no
> printing = bsd
> printcap name = /dev/null
> 
> 	# turn off roaming profiles
> 	logon path = ""
> 	logon home = ""
> 
> #hosts allow = localhost 192.168.16. 172.32.99.
> 
> log level = 3
> 
> ----
> 
> Restarted winbind, did "killall -HUP" on smbd and nmbd.
> 
> still can't login to DM via smbclient and that mentioned user.
> 
> I assume I need to restart all the smbd daemons ... ?

Well, you wouldn't be able to, would you, what with having this in
smb.conf:

template shell = /usr/sbin/nologin

The bit on the end sort of gives it away ;-)

Try changing it to this:

template shell = /bin/bash

Rowland


