[Samba] Configured AD backend but getting different uid and gid

L.P.H. van Belle belle at bazuin.nl
Fri Apr 26 07:35:20 UTC 2019 

Hai, 

Now this part. 
> On my Linux machines, currently all is done manually by local 
> user account
> creation and by adding the command lines into individual home 
> directory
> ~/.bash_profile

I dont know your system, but on my debian im adding things like that in /etc/profile.d/

Now its for every user, put your scripts in there, give "domain users" a GID. 
Make a match on the GID and make the program do what you want. 
This make sure this only runs for domain users. 
Somethink like that? 


> However, I need to find a way to take care of the 
> mapping after the domain user log in.

You mean a domain users login on a linux member? 
I use CIFS/NFS auto mounting homedirs, i use NFSv4 (kerberized) and automounting currently. 

I'll make a small howto on howto setup the NFSv4 kerberised part, my current setup is stable and im can repeat it without problems.
And as usual, it is pretty easy IF you know how. ;-) 

And is you "different gid/uid" problem also solved? 


Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Alfonso Conner via samba
> Verzonden: vrijdag 26 april 2019 3:58
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Configured AD backend but getting 
> different uid and gid
> 
> Hi,
> 
> Thank you for replying. User home directory creation is 
> working without the
> need to edit /etc/pam.d/common-session
> The logon script I mentioned here is a in-house script to 
> handle directory
> mounting for file server access, and create shortcut on the 
> account desktop
> for different logins.
> On my Linux machines, currently all is done manually by local 
> user account
> creation and by adding the command lines into individual home 
> directory
> ~/.bash_profile
> I am happy to see after joining Samba AD, domain users able 
> to login Linux
> machines. However, I need to find a way to take care of the 
> mapping after
> the domain user log in.
> 
> Best Regards
> 
> 
> 
> 
> 
> On Thu, Apr 25, 2019 at 6:48 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Thu, 25 Apr 2019 17:53:44 +0800
> > Alfonso Conner <c1581634 at gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Thanks for the advice, I know these are already EOL but 
> please bear
> > > with me on that. I also do use CentOS 7 and Windows 10 for further
> > > testing. Anyway, I found out is due to my "idmap DOMAIN : range"
> > > value in smb.conf was not set to the correct range.
> >
> > Yes, that would do it ;-)
> >
> > > Another thing is libnss-winbind package must make sure to 
> be installed
> > > properly.
> >
> > If you want to use kerberos, you will also need libpam-krb5
> >
> > > After these things are resolved, I managed to see the 
> correct uid and
> > > gid. ;-)
> > >
> > > I have another problem and would like to know is there any
> > > configuration to trigger logon script when Domain User 
> login to Linux
> > > Machine? My understanding if is for Windows, I can use RSAT, go to
> > > the User account properties-> Profile-> Logon script and 
> put the file
> > > name.
> >
> > It all depends what you mean by 'logon script' ?
> > If you mean something to create the users home directory, 
> then yes, add:
> >
> > session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
> >
> > to the end of /etc/pam.d/common-session
> >
> > If this isn't what you require, then can you please explain exactly
> > what you do require.
> >
> > Rowland
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list