Mark Campbell wrote:
So I have idmap:rid working. The problem is I can set only the same
shell for all users. I was trying to find a way to store the shell in
AD. I have found a couple references to ||RFC2307. Can this be used
with AD and if so is there a good article on it somewhere? (I looked
through the samba docs but didn't find anythings yet perhaps I am just
blind)
short form:
- do an upgrade to Windows Server 2003 R2 on the DCs
- set POSIX IDs in AD for all users und groups which you want to use
with samba
- compile samba with kerberos support
- net ads join
smb.conf:
security = ADS
realm = YOUR.DOMAIN
idmap backend = ad
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
/etc/nsswitch.conf:
passwd: files winbind
shadow: files
group: files winbind
/etc/krb5.conf:
[libdefaults]
default_realm = YOUR.DOMAIN
[realms]
YOUR.DOMAIN = {
kdc = xxx.xxx.xxx.xxx
kdc = yyy.yyy.yyy.yyy
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
