[Samba] Using samba AD in mixed OS environment

Rowland Penny rpenny at samba.org
Thu May 3 17:24:48 UTC 2018


On Thu, 3 May 2018 18:08:20 +0100
Zdravko Zdravkov via samba <samba at lists.samba.org> wrote:

> Hi Rowland.
> 
> As suggested I switched to winbind with rid backend, since I had free
> time for tests today. This is what I've done for a few min.
> 
> smb.conf from the testing pc
> 
> [global]
>         workgroup = XXXX
>         security = ads
>         realm = XXXX.X.XX
> 
>         log file = /var/log/samba/%m.log
>         log level = 1
> 
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999
> 
>         winbind use default domain = yes
>         template shell = /usr/bin/bash
>         template homedir = /home/%U
> 
>         idmap config XXXX : backend = rid
>         idmap config XXXX : range = 10000-999999
> 

The above should work

> 
> with the current config I successfully join the domain, can list
> users and groups with both the wbinfo command and getent
> passwd/group, but if I want to *su testdomainuser* it goes to
> bash-4.2$, no home dir is created which obviously means that I can't
> login with domain account.

You need to use pam_mkhomedir, you can do this on Debian by adding this
to /etc/pam.d/common-account:

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

This will create the user's homedir the first time the user logs in.

I believe it is called something else on Red Hat, pam_oddjob ??

> 
> My AD server config is untouched (yet)

Good, you don't really want your users to log into the DC, but if you
do, you just set it up in the same way as a Unix domain member.

Rowland


