[Samba] Winbind login overwrite homedir
Rowland penny
rpenny at samba.org
Wed Jul 8 14:52:26 UTC 2020
On 08/07/2020 15:15, basti via samba wrote:
> cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files winbind
> group: files winbind
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
>
> cat /etc/samba/smb.conf
> [global]
> security = ADS
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> winbind refresh tickets = Yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind use default domain = yes
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> idmap config * : backend = tdb
> idmap config * : range = 1000-2000
>
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 2001-999999
> idmap config SAMDOM:unix_nss_info = yes
>
> template homedir = /home/%U
> template shell = /bin/bash
>
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> winbind use default domain = yes
> restrict anonymous = 2
>
> # fix dfs error's in log ?
> host msdfs = no
>
> # https://wiki.samba.org/index.php/PAM_Offline_Authentication
> winbind offline logon = yes
>
> winbind enum users = yes
> winbind enum groups = yes
>
> OS: Debian 10.4
OK, which attribute have you set in AD 'homeDirectory' or
'unixHomeDirectory' ?
Rowland
More information about the samba
mailing list