[Samba] Unix Attributes not working as expected in a member server

Rowland Penny rpenny at samba.org
Thu Apr 27 09:28:24 UTC 2023



On 27/04/2023 10:15, Luis Peromarta via samba wrote:
> Hi there,
> 
> I have a working SAMBA environment mainly for Windows Users. 3xDCs, 1 file server, 1 print server as member servers. File sharing / printing works perfectly. AD backend with RFC2307.
> 
> I am trying to get AD users to work in the file server (login to the server).
> 
> I have populated in ADUC
> 
> LoginShell /bin/bash
> 
> and
> 
> unixHomeDirectory /data/users/otros/luis
> 
> However when I try
> 
> # getent passwd luis
> luis:*:10005:10000:Luis Peromarta:/home/MAD/luis:/bin/false
> 
> None of the parameters are read correctly from AD - maybe they are not read at all?
> 
> Relevant portion of the server’s smb.conf:
> 
> [global]
> 	security = ADS
> 	workgroup = MAD
> 	realm = MAD.MATER.INT
> 	netbios name = SERVER
> 	server role = member server
> 	log file = /var/log/samba/%m.log
> #	interfaces = lo enp1s0
> #	bind interfaces only = yes
> 
> 
> # To enable Group Policy application in winbind,
> 	apply group policies = yes
> 
> 
> # Default ID mapping configuration for local BUILTIN accounts
> 
> 	idmap config * : backend = tdb
> 	idmap config * : range = 3000-7999
> 
> # idmap config for the MAD domain
> 
> 	idmap config MAD:backend = ad
> 	idmap config MAD:schema_mode = rfc2307
> 	idmap config MAD:range = 10000-999999
> 
> # winbind config:
> 
> 	winbind nss info = rfc2307
> 
> What am I doing wrong?

Probably not reading 'man idmap_ad', where you will find:

        unix_nss_info = yes/no
            If set to yes winbind will retrieve the login shell and home
            directory from the LDAP attributes. If set to no or the AD LDAP
            entry lacks the SFU attributes the options template shell and
            template homedir are used.

            Default: no

Which means, replace 'winbind nss info = rfc2307' with 'idmap config MAD : unix_nss_info = yes'

Rowland
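
Added example, not part of the original thread and not Samba code: a Python check that reads the [global] section of an smb.conf and reports each domain using the `ad` idmap backend without `unix_nss_info = yes`, the case described in the reply above. The function names and the sample text are constructed for illustration; include files and line continuations are not handled.

```python
import re

# Constructed sample, reduced from the smb.conf quoted in the post.
SAMPLE = """\
[global]
    idmap config * : backend = tdb
    idmap config MAD:backend = ad
    idmap config MAD:schema_mode = rfc2307
    winbind nss info = rfc2307
"""

IDMAP_RE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*(.+)$")
TRUE_VALUES = {"yes", "true", "1", "on"}

def parse_global(text):
    """Return (plain options, per-domain idmap options) from [global]."""
    plain, idmap, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())  # normalise case and spacing
        m = IDMAP_RE.match(key)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2)] = value
        else:
            plain[key] = value
    return plain, idmap

def audit(text):
    """Findings for every domain whose idmap backend is ad."""
    plain, idmap = parse_global(text)
    findings = []
    for domain, opts in sorted(idmap.items()):
        is_ad = opts.get("backend", "").lower() == "ad"
        if is_ad and opts.get("unix_nss_info", "no").lower() not in TRUE_VALUES:
            findings.append(f"{domain}: unix_nss_info not enabled, template shell/homedir apply")
    if findings and "winbind nss info" in plain:
        findings.append("winbind nss info set: replace with unix_nss_info = yes on the ad domain")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample it reports the MAD domain and the leftover `winbind nss info` line; with the replacement from the reply applied it reports nothing.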