[Samba] Using samba AD in mixed OS environment

Zdravko Zdravkov nirayah at gmail.com
Fri May 4 10:53:08 UTC 2018


True that.

oddjob wasn't running, now it's fine, but apparently everything is the
same. In CentOS I see a folder created by my new "testuser" in Windows. The
folder's owner is 1000024 while getent passwd testuser responds with 11184
which is nowhere near the same.
I guess I'm not making something right during the whole configuration.

On Thu, May 3, 2018 at 6:24 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 3 May 2018 18:08:20 +0100
> Zdravko Zdravkov via samba <samba at lists.samba.org> wrote:
>
> > Hi Rowland.
> >
> > As suggested I switched to winbind with rid backend, since I had free
> > time for tests today. This is what I've done for a few min.
> >
> > smb.conf from the testing pc
> >
> > [global]
> >         workgroup = XXXX
> >         security = ads
> >         realm = XXXX.X.XX
> >
> >         log file = /var/log/samba/%m.log
> >         log level = 1
> >
> >         idmap config * : backend = tdb
> >         idmap config * : range = 3000-7999
> >
> >         winbind use default domain = yes
> >         template shell = /usr/bin/bash
> >         template homedir = /home/%U
> >
> >         idmap config XXXX : backend = rid
> >         idmap config XXXX : range = 10000-999999
> >
>
> The above should work
>
> >
> > with the current config I successfully join the domain, can list
> > users and groups with both the wbinfo command and getent
> > passwd/group, but if I want to *su testdomainuser* it goes to
> > bash-4.2$, no home dir is created which obviously means that I can't
> > login with domain account.
>
> You need to use pam_mkhomedir, you can do this on Debian by adding this
> to /etc/pam.d/common-account:
>
> session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> This will create the user's homedir the first time the user logs in.
>
> I believe it is called something else on Red Hat, pam_oddjob ??
>
> >
> > My AD server config is untouched (yet)
>
> Good, you don't really want your users to log into the DC, but if you
> do, you just set it up in the same way as a Unix domain member.
>
> Rowland
>
>
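Added example, not part of the thread: a check of which idmap range in the posted smb.conf could have produced a numeric owner such as 11184 or 1000024. It assumes the mapping documented in idmap_rid(8), ID = RID - BASE_RID + LOW_RANGE_ID with base_rid defaulting to 0; the function names are hypothetical.

```python
import re

# idmap lines as posted in the thread (the domain is redacted as XXXX there)
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config XXXX : backend = rid
idmap config XXXX : range = 10000-999999
"""

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Collect backend, range and base_rid per idmap domain."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {"base_rid": 0})
        if key == "range":
            low, high = val.split("-")
            entry["low"], entry["high"] = int(low), int(high)
        elif key == "base_rid":
            entry["base_rid"] = int(val)
        else:
            entry[key] = val
    return domains

def explain_id(unix_id, domains):
    """Return (domain, backend, rid) for the range containing unix_id.

    rid is only computed for the rid backend; allocating backends such as
    tdb hand out IDs on demand, so there is nothing to compute. None means
    no configured range covers the ID, i.e. it was assigned by some other
    host or configuration.
    """
    for dom, cfg in domains.items():
        if "low" not in cfg or not cfg["low"] <= unix_id <= cfg["high"]:
            continue
        if cfg.get("backend") == "rid":
            return (dom, "rid", unix_id + cfg["base_rid"] - cfg["low"])
        return (dom, cfg.get("backend"), None)
    return None

if __name__ == "__main__":
    for uid in (11184, 1000024):  # the two IDs quoted in the thread
        print(uid, explain_id(uid, parse_idmap(SMB_CONF)))
```

With the ranges above, 11184 falls in the rid range and corresponds to RID 1184, while 1000024 lies outside every configured range, so this smb.conf cannot have produced it.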

