[Samba] Login From Domain

Rob Campbell robcampbell08105 at gmail.com
Mon Nov 14 20:54:44 UTC 2022 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Mon, Nov 14, 2022 at 3:39 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 14/11/2022 20:21, Rob Campbell via samba wrote:
> >>
> >> Bingo
> >> [Mon Nov 14 15:11:14] [root at D02~] $ getent passwd HOME\\robcampbell
> >> HOME\robcampbell:*:211110:210513::/home/robcampbell:/bin/bash
> >>
> >
> > But shouldn't I get the same output?
> > [Mon Nov 14 15:07:19] [root at DC01/var/log$] getent passwd robcampbell
> > HOME\robcampbell:*:222334:100:Robert
> > Campbell:/home/HOME/robcampbell:/bin/false
> >
> > [Mon Nov 14 15:11:14] [root at D02~] $ getent passwd HOME\\robcampbell
> > HOME\robcampbell:*:211110:210513::/home/robcampbell:/bin/bash
>
> No, it doesn't work like that.
> You appear to have given your user 'robcampbell' the uidNumber 222334
> (why ? You do not appear to be using the 'ad' idmap backend anywhere)
> and this ID will only be used on your DC (unless you do use the 'ad'
> idmap backend). The '100' is the standard ID for Domain Users on a Samba
> AD DC. Unless you set 'template homedir' and 'template shell' in the
> smb.conf, the defaults /home/%D/%U and /bin/false are used.
>
> In my create user script, I did specify the uid and gid.  I need to remove
that.  And removing that will keep the ids in sync between the dc and dm?
Isn't idmap config * : backend = autorid only used on the members, not the
controller?
If I set template homedir in the dc smb.conf I don't need to use
--home-directory or --unix-home with samba-tool user create?
If I set template shell in the dc smb.conf I don't need to use
--login-shell with samba-tool user create?

I should remove --uid-number and --gid-number from samba-tool user create
because autorid handles that?


> On your Unix domain member, because you are using the autorid idmap
> backend, the ID's are calculated from the information you provide (the
> low domain range) and the user or group RID. Provided you use the same
> basic smb.conf on all Unix domain members, you will always get the same
> ID's.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list