[Samba] winbind question
Steve Thompson
smt at vgersoft.com
Sat Feb 15 21:31:50 UTC 2020
On Sat, 15 Feb 2020, Rowland penny via samba wrote:
> On 15/02/2020 19:15, Steve Thompson via samba wrote:
>> Now I am using samba 4.11.6 on CentOS 7.7, patched up to date.
> Have you compiled Samba yourself, or are you using Samba packages and if so,
> where from ?
>> The DC, on a KVM VM, is the only node configured so far. I am using
>> winbind in place of sssd (my first experience with winbind). BIND9_DLZ
>> pointing to a DNS hosted on the same virtual box.
> What do you mean by 'DNS hosted on the same virtual box' ?
>> The smb.conf is exactly as created by the domain provision, except that I
>> added:
>>
>> ????winbind use default domain = yes
>> ??????? winbind nss info = rfc2307
> Those two do not work on a DC.
OK, I removed them.
>> All installation tests seem to work OK. I create a group and a user
>> (username smt) with samba-tool, and add the appropriate loginShell,
>> unixHomeDirectory, uidNumber and gidNumber attributes. The "wbinfo -i smt"
>> command gives:
>>
>> ????VOYAGER\smt:*:1000:100::/fs/home/smt:/bin/zsh
>
> Is there a reason to use such low ID's ?
UID's and GID's are already assigned (via file ownerships) for 2500 users
across many fileservers, and I do not really want to change them.
> I know where the '100' is coming from, you haven't given Domain Users a
> gidNumber.
I assigned a gidNumber to Domain Users, and now both wbinfo and getent
return that number for the user's gid instead of the user's gidNumber from
the database. This is wrong is it not? And it doesn't explain why the
uid was incorrect also.
> Yes, do not use the DC as a fileserver ;-)
I understand this.
> You cannot use the loginShell, and unixHomeDirectory attributes on a Samba AD
> DC
I understand this too. I don't understand why this should be a limitation,
though. I realize it was coded this way, but why?
Steve
--
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT vgersoft DOT com
Voyager Software LLC Web: http://www DOT vgersoft DOT com
3901 N Charles St VSW Support: support AT vgersoft DOT com
Baltimore MD 21218
"186,282 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
More information about the samba
mailing list