[Samba] libpam-winbind mkhomedir
Marco Gaiarin
gaio at sv.lnf.it
Thu Jun 3 09:43:40 UTC 2021
Mandi! Rowland penny via samba
In chel di` si favelave...
> OK, but the computers don't need a UID for the machine password to work:
Sure, but it NEED it if a deploy system running as SYSTEM user need
access to a non-guest share, where there's some sensitive information,
like a private key.
I abuse this message for a clarification:
> > I don't use the 'mkhome' feature of winbind, but a script in [users]
> > share. Anyway, i think that the best solution will be a simple filter
> > in 'mkhome', like explicitly add 'require_membership_of = ' with the
> > SID of 'Domain Users'.
Clearly i don't mena to add 'require_membership_of = <SID>' to winbind
conf, because in this way you filter out 'tout court' computers from
PAM/NSS, but adding a thing like 'mkome_require_membership_of = <SID>'.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list