[Samba] Samba 4.10.6-1 Configuration on AIX

Rowland penny rpenny at samba.org
Fri Feb 7 08:25:42 UTC 2020


On 07/02/2020 02:27, Bob Wyatt wrote:
> Thanks again for the continued help...
>
> Current thinking is using rid for the backend does not place any new administrative functions on the staff - agree?

If by this, you mean that you do not have to add anything to AD, then 
yes. You may have to add a couple of template lines to your smb.conf, 
the defaults are:

template homedir = /home/%D/%U

template shell = /bin/false

With the above, your users will not be able login to the Unix computer 
and will get a Unix homedirectory of /home/DOMAIN/username

> Begs questions of what is being written in smbpasswd, and do we have administrative work on AIX?
> Such as adding users and a group or two in the range specified for idmap? A mapping "table"?

You do not use smbpasswd and you need something else in smb.conf:

username map = /etc/samba/user.map

With '/etc/samba/user.map' containing '!root = DOMAIN\Administrator'

After this, using the 'rid' backend, all users and groups in AD become 
Unix users and groups.

Basically it boils down to, forget most of what you know about Samba3 
domains ;-)

> If rid is hands-off administration, that's likely the way they want to go.
>
> Going with rid - security is still ads?

Yes, it is just a different winbind backend.

Rowland




More information about the samba mailing list