On 12/28/2011 09:10 AM, Gémes Géza wrote:
On 2011-12-27 22:20, Bernd Markgraf wrote:
I have created the home directories with the uid number given by wbinfo.
So user steve2 has a home directory of /home/DOMAIN/steve2 300006:100

These uid:gid are respected when I export /home using nfs. I can see
300006:users on the client too. Even so, as you say these numbers are
not respected outside of the samba 4 - windows relationship.
Of course you see the same uid/gid numbers on the clients. what the
clients are missing is the associated username. on your client uidnumber
300006 could very well be jennifer and not steve2. the fact that you see
the uidnumber and not a username means that your nfs clients don't have
the users in the nameservice in use. to make things work properly you
need to make the users you have in samba known to your nfs client's OS.

   bernd

I would suggest the following:

Implement rfc2307 schema on samba4, modify your user accounts according
to it. Then create your home directories with the uid/gid set in the
AD (this way on the samba4 box the uids, gids will look wrong, but on
the client *nix boxes they will be right)

Regards

Geza
OK
I have read this as you suggested before:

http://phaedrus77.blogspot.com/2010/04/samba4-ad-domain-controller-to-serve.html

I created a user steve4 using

samba-tool user add steve2

wbinfo -i gives me uid:gid 3000019:100

I create the home directory accordingly.

I then rfc2307'ify:

ldapmodify -h localhost -W -D [email protected] -f steve4.txt

Where steve4.txt contains:

dn: cn=steve4,cn=users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: shadowaccount
-
add: uidnumber
uidnumber: 3000019
-
add: gidnumber
gidnumber: 100
-
add:unixhomedirectory
unixhomedirectory: /home/CACTUS/steve4
-
add: loginshell
loginshell: /bin/bash

I join an openSUSE client to the domain. From the client, steve4 can get a Kerberos ticket and wbinfo now shows he also has a real shell, /bin/bash rather than /bin/false.

Still no login is possible. I think that the article in the link above is about using ldap in Samba 4 and authenticating against that rather than using a domain logon. He then goes on to talk about using ldapclient and modifying /etc/pam.conf. On Linux, that's where it starts to get different. So I've had to give up for now.

Geza, do you think that the distros will implement this when Samba 4 is released? Do you think the Samba 4 devs know of the need for it? I ask because I think it is something which has been overlooked.
Thanks again
Steve.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
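
Bernd's point in the thread, that a uid number exported over NFS can belong to a different user (or to nobody) on the client, written as a check. This is an added example, not part of the original messages; the function names `check_uid_map` and `demo` and all account data are constructed for illustration.

```shell
#!/bin/sh
# Added example; all account data below is constructed.
# Both inputs are passwd-format: the server file is what `wbinfo -i USER`
# prints on the Samba 4 box, the client file is `getent passwd` on an NFS client.

# check_uid_map SERVER_FILE CLIENT_FILE
# Prints one finding per affected server account; returns 1 if any were found.
check_uid_map() {
    awk -F: '
        function bare(n) { sub(/^.*\\/, "", n); return n }   # strip "DOMAIN\"
        !srv { cname[$3] = bare($1); cuid[bare($1)] = $3; next }   # client records
        {
            name = bare($1); uid = $3
            if ((name in cuid) && cuid[name] != uid) {
                print "MISMATCH " name " server=" uid " client=" cuid[name]; bad = 1
            } else if ((uid in cname) && cname[uid] != name) {
                print "COLLISION uid=" uid " server=" name " client=" cname[uid]; bad = 1
            } else if (!(name in cuid)) {
                print "UNKNOWN " name " uid=" uid; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$2" srv=1 "$1"
}

# Runs the check over constructed sample data for a hypothetical CACTUS domain.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/server" <<'EOF'
CACTUS\steve4:*:3000019:100::/home/CACTUS/steve4:/bin/bash
CACTUS\steve2:*:3000006:100::/home/CACTUS/steve2:/bin/false
CACTUS\anna:*:3000021:100::/home/CACTUS/anna:/bin/bash
CACTUS\bob:*:3000030:100::/home/CACTUS/bob:/bin/bash
EOF
    cat > "$dir/client" <<'EOF'
steve4:x:3000019:100::/home/CACTUS/steve4:/bin/bash
jennifer:x:3000006:100::/home/jennifer:/bin/bash
anna:x:1001:100::/home/anna:/bin/bash
EOF
    check_uid_map "$dir/server" "$dir/client"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "uid mapping differs between server and client"
```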
