[Samba] libpam-winbind mkhomedir
Marco Gaiarin
gaio at sv.lnf.it
Thu Jun 3 08:48:24 UTC 2021
Mandi! Rowland penny via samba
In chel di` si favelave...
> I personally think that, as standard, Samba should ignore computers as
> users.
No, Rowland; if acting as SYSTEM user, windows client OS (try to; then
fallback to guest if enabled) access shares and resources with the
machine account, and this is EXTREMELY useful for, as an example, all
the deply/configuration system (that may have to access to passwords or
private keys).
I've currently assigned a GID to 'Domain Computers' (it is not
ID_BOTH), and i assign UID to computer accounts.
I don't use the 'mkhome' feature of winbind, but a script in [users]
share. Anyway, i think that the best solution will be a simple filter
in 'mkhome', like explicitly add 'require_membership_of = ' with the
SID of 'Domain Users'.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list