
Re: [Samba] Configured AD backend but getting different uid and gid




Hi,

Thanks for the pointers.

>I don't know your system, but on my Debian I'm adding things like that in /etc/profile.d/

>Now it's for every user, put your scripts in there, give "domain users" a GID.
>Make a match on the GID and make the program do what you want.
>This makes sure this only runs for domain users.
>Something like that?

My Linux Machines are mainly Red Hat based. They too have /etc/profile.d. I
am rather new to this but will read up on this.

>You mean a domain users login on a Linux member?
>I use CIFS/NFS auto mounting homedirs, I use NFSv4 (kerberized) and automounting currently.

>I'll make a small howto on how to set up the NFSv4 kerberised part, my current setup is stable and I can repeat it without problems.
>And as usual, it is pretty easy IF you know how. ;-)
>Back to PAM again ;-)
>Try searching for 'pam-mount'
>With this you can mount directories for users as and when they login.

Yes, it is regarding domain users logging in to a Linux (RHEL) member. I will
also search for pam-mount for more information. I would like to know if you mean
that pam-mount can also manage CIFS/NFS auto mounting homedirs, and NFSv4
automounting?

>And is your "different gid/uid" problem also solved?

Yes. It is solved, as I managed to figure out it is an idmap range issue. My
questions are now about managing domain users in terms of directory mounting,
after they log in to the systems. This can be marked as closed. Thanks for the
help and advice. If I need to, I will submit with a proper subject.

Thank you.
Regards


On Fri, Apr 26, 2019 at 3:36 PM L.P.H. van Belle via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> Hai,
>
> Now this part.
> > On my Linux machines, currently all is done manually by local user account
> > creation and by adding the command lines into individual home directory
> > ~/.bash_profile
>
> I don't know your system, but on my Debian I'm adding things like that in
> /etc/profile.d/
>
> Now it's for every user, put your scripts in there, give "domain users" a
> GID.
> Make a match on the GID and make the program do what you want.
> This makes sure this only runs for domain users.
> Something like that?
>
>
> > However, I need to find a way to take care of the
> > mapping after the domain user log in.
>
> You mean a domain users login on a Linux member?
> I use CIFS/NFS auto mounting homedirs, I use NFSv4 (kerberized) and
> automounting currently.
>
> I'll make a small howto on how to set up the NFSv4 kerberised part, my
> current setup is stable and I can repeat it without problems.
> And as usual, it is pretty easy IF you know how. ;-)
>
> And is your "different gid/uid" problem also solved?
>
>
> Greetz,
>
> Louis
>
>
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of
> > Alfonso Conner via samba
> > Sent: Friday, 26 April 2019 3:58
> > To: Rowland Penny
> > CC: samba@xxxxxxxxxxxxxxx
> > Subject: Re: [Samba] Configured AD backend but getting
> > different uid and gid
> >
> > Hi,
> >
> > Thank you for replying. User home directory creation is working without
> > the need to edit /etc/pam.d/common-session
> > The logon script I mentioned here is an in-house script to handle
> > directory mounting for file server access, and create shortcuts on the
> > account desktop for different logins.
> > On my Linux machines, currently all is done manually by local user account
> > creation and by adding the command lines into individual home directory
> > ~/.bash_profile
> > I am happy to see that after joining Samba AD, domain users are able to
> > log in to Linux machines. However, I need to find a way to take care of
> > the mapping after the domain user logs in.
> >
> > Best Regards
> >
> >
> >
> >
> >
> > On Thu, Apr 25, 2019 at 6:48 PM Rowland Penny via samba <
> > samba@xxxxxxxxxxxxxxx> wrote:
> >
> > > On Thu, 25 Apr 2019 17:53:44 +0800
> > > Alfonso Conner <c1581634@xxxxxxxxx> wrote:
> > >
> > > > Hi,
> > > >
> > > > Thanks for the advice, I know these are already EOL but please bear
> > > > with me on that. I also do use CentOS 7 and Windows 10 for further
> > > > testing. Anyway, I found out it was because my "idmap DOMAIN : range"
> > > > value in smb.conf was not set to the correct range.
> > >
> > > Yes, that would do it ;-)
> > >
> > > > Another thing is that the libnss-winbind package must be installed
> > > > properly.
> > >
> > > If you want to use kerberos, you will also need libpam-krb5
> > >
> > > > After these things were resolved, I managed to see the correct uid and
> > > > gid. ;-)
> > > >
> > > > I have another problem and would like to know if there is any
> > > > configuration to trigger a logon script when a Domain User logs in to
> > > > a Linux Machine? My understanding is that for Windows, I can use RSAT,
> > > > go to the User account properties-> Profile-> Logon script and put the
> > > > file name.
> > >
> > > It all depends what you mean by 'logon script' ?
> > > If you mean something to create the user's home directory, then yes, add:
> > >
> > > session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
> > >
> > > to the end of /etc/pam.d/common-session
> > >
> > > If this isn't what you require, then can you please explain exactly
> > > what you do require.
> > >
> > > Rowland
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
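
A sketch of the "/etc/profile.d/ plus match on the GID" approach suggested in the thread, added here as an example and not taken from any poster's setup. The file name, the GID 10513, the actions-script path and the ownership check are assumptions; the numeric GID must be the one the member reports once the idmap range is correct.

```shell
# /etc/profile.d/domain-logon.sh (hypothetical name). Sourced by login shells,
# so it must never call exit at top level.
# Assumed values: use the GID that `getent group "domain users"` reports on the member.
DOMAIN_USERS_GID="${DOMAIN_USERS_GID:-10513}"
LOGON_SCRIPT="${LOGON_SCRIPT:-/usr/local/sbin/domain-logon-actions.sh}"
TRUSTED_UID="${TRUSTED_UID:-0}"

# has_gid GID "LIST": true when GID is one of the space-separated numeric ids in LIST.
# Matching whole words avoids 513 matching inside 10513.
has_gid() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# is_trusted_script FILE: regular file (not a symlink), owned by TRUSTED_UID,
# and not writable by group or others, so a user cannot swap in their own commands.
is_trusted_script() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    owner_mode=$(stat -c '%u %a' "$1") || return 1
    owner=${owner_mode% *}
    mode=${owner_mode#* }
    [ "$owner" = "$TRUSTED_UID" ] || return 1
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;   # group or other write bit set
    esac
    return 0
}

# domain_logon "GID LIST": run the site actions only for members of "domain users".
# Returns 0 = ran, 1 = not a domain user, 2 = script missing or untrusted, 3 = script failed.
domain_logon() {
    has_gid "$DOMAIN_USERS_GID" "$1" || return 1
    is_trusted_script "$LOGON_SCRIPT" || return 2
    sh "$LOGON_SCRIPT" || return 3
}

# Local accounts fall through silently; a failure never blocks the login shell.
domain_logon "$(id -G)" || :
```

The actions script runs as the user who logged in, so anything in it that needs root (such as mounting) still has to go through a mechanism like the automounter or pam-mount mentioned above.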