[Samba] Login From Domain
Rowland Penny
rpenny at samba.org
Mon Nov 14 20:38:59 UTC 2022
On 14/11/2022 20:21, Rob Campbell via samba wrote:
>>
>> Bingo
>> [Mon Nov 14 15:11:14] [root at D02~] $ getent passwd HOME\\robcampbell
>> HOME\robcampbell:*:211110:210513::/home/robcampbell:/bin/bash
>>
>
> But shouldn't I get the same output?
> [Mon Nov 14 15:07:19] [root at DC01/var/log$] getent passwd robcampbell
> HOME\robcampbell:*:222334:100:Robert
> Campbell:/home/HOME/robcampbell:/bin/false
>
> [Mon Nov 14 15:11:14] [root at D02~] $ getent passwd HOME\\robcampbell
> HOME\robcampbell:*:211110:210513::/home/robcampbell:/bin/bash
No, it doesn't work like that.
You appear to have given your user 'robcampbell' the uidNumber 222334
(why ? You do not appear to be using the 'ad' idmap backend anywhere)
and this ID will only be used on your DC (unless you do use the 'ad'
idmap backend). The '100' is the standard ID for Domain Users on a Samba
AD DC. Unless you set 'template homedir' and 'template shell' in the
smb.conf, the defaults /home/%D/%U and /bin/false are used.
On your Unix domain member, because you are using the autorid idmap
backend, the ID's are calculated from the information you provide (the
low domain range) and the user or group RID. Provided you use the same
basic smb.conf on all Unix domain members, you will always get the same
ID's.
Rowland
More information about the samba
mailing list