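The goal is to have a custom home directory, since we need to move from /home to a new volume, /people.
I created a new test user, bilbo, but the winbind service keeps assuming their home is /home/bilbo rather than /people/bilbo.
I suspect Samba isn't even reading the user's home directory path from Active Directory, and the results seem to bear that out. Is there an smb.conf flag for this?
Steps to add a new user with a custom home directory path: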
Create new user in AD,
with extensions, used home directory path of "/people/bilbo"
On CentOS 7 host,
I manually created /people/bilbo and contents,
and tagged all files/directories with proper permissions.
However, on first login the system created a new "/home/bilbo" instead of using the existing path!
What else I have tried:
Restarted smb and winbind, and flushed the cache (deleting the *.tdb files too) - no good.
Modified the local smb.conf, removing "template homedir = /home/%U" and restarted smb and winbind.
- it then created a new one in /home/DEVELOPMENT/bilbo upon login, and did not attempt to look in /people at all.
Contents of smb.conf:
[global]
security = ADS
workgroup = DEVELOPMENT
realm = DEVELOPMENT.mycompany.com
client use spnego = yes
server signing = auto
server string = Samba Client
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind separator = +
winbind refresh tickets = yes
winbind offline logon = yes
inherit acls = yes
idmap config * : backend = tdb
idmap config * : range = 10000-20000
template homedir = /home/%U
force group = dev
template shell = /bin/bash
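Any suggestions or recommendations?
Answer 1
I found the cause:
I was using pre-4.6.0 settings with a newer version of Samba.
I reworked smb.conf to allow for some local IDs and a larger AD space, and corrected the RFC2307 data collection from Windows Active Directory.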
##### New smb.conf file #####
password server = windowsADserver.development.mycompany.com
passdb backend = tdbsam
# idmap config for local BUILTIN accounts and groups
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# idmap config for the DEVELOPMENT domain
# Need AD backend
idmap config DEVELOPMENT:backend = ad
# plus this one
idmap config DEVELOPMENT:schema_mode = rfc2307
# and this one
idmap config DEVELOPMENT:unix_nss_info = yes
idmap config DEVELOPMENT:range = 10000-40000
idmap config DEVELOPMENT:unix_primary_group = yes
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = true
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
log file = /var/log/samba/log.%m
max log size = 50
kerberos method = system keytab
log level = 10
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
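The following is an added example, not part of the original question or answer: a small Python check that reads the [global] section of an smb.conf and reports which of the three settings flagged in the answer are missing for a domain, plus any leftover `winbind nss info` line from the older configuration. The two sample configs are constructed from lines shown on this page, and the function names `parse_global` and `check_ad_homedir` are hypothetical.

```python
import re

# Constructed samples: idmap-related [global] lines from the question (OLD) and the answer (NEW).
OLD_CONF = """
[global]
winbind nss info = rfc2307
idmap config * : backend = tdb
template homedir = /home/%U
"""
NEW_CONF = """
[global]
idmap config * : backend = tdb
idmap config DEVELOPMENT:backend = ad
idmap config DEVELOPMENT:schema_mode = rfc2307
idmap config DEVELOPMENT:unix_nss_info = yes
template homedir = /home/%U
"""

def parse_global(text):
    """Return [global] parameters, names lower-cased with whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blanks and comment lines
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_ad_homedir(text, domain):
    """List which settings flagged in the answer are missing for this domain."""
    p, d = parse_global(text), domain.lower()
    problems = []
    if p.get(f"idmapconfig{d}:backend") != "ad":
        problems.append(f"idmap config {domain}:backend is not 'ad'")
    if p.get(f"idmapconfig{d}:schema_mode") != "rfc2307":
        problems.append(f"idmap config {domain}:schema_mode is not 'rfc2307'")
    if p.get(f"idmapconfig{d}:unix_nss_info", "no").lower() not in ("yes", "true", "1"):
        problems.append(f"idmap config {domain}:unix_nss_info is not enabled")
    if "winbindnssinfo" in p:
        problems.append("'winbind nss info' is a pre-4.6.0 setting")
    return problems

if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(name, check_ad_homedir(conf, "DEVELOPMENT") or "ok")
```

With the domain's `unix_nss_info` off, winbind falls back to `template homedir`, which matches the /home/bilbo result described in the question.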