Wednesday, 26 October 2011

Mapping AD authenticated users to Linux users



I have posted this question elsewhere on other forums, but am not getting very far with it, so this is my first post on this forum.

I have configured Kerberos/Samba/Winbind on a RHEL 3 server, so users can log in to the RHEL 3 server using their Windows credentials, and be authenticated against our Windows 2003 R2 PDC/AD. This all works fine.

However, the Windows user name that the user uses does not match the Linux username that already exists on the RHEL 3 server. I would like to be able to map the Windows username to the Linux username, so once they have logged in, they will assume their original Linux username and home directory. (This will save a lot of work modifying scripts etc. that have been in place for many years.)

My smb.conf file looks like this:

[global]
log level = 10
workgroup = EU
server string = sectest server
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
password server = MY-PDC.EU.MYDOMAIN.LOCAL
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = yes

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writeable = yes
path = /home/%D/%u
valid users = %u

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes

My smbusers file looks like this:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
fredb = EU/bloggsf

In the above example, the Windows username is bloggsf, and the Linux name is fredb.

I am fairly sure this is the right way to approach this, but it just does not seem to work, because once I have authenticated with bloggsf, it fails to find the home directory, saying this:

Could not chdir to home directory /home/EU/bloggsf: No such file or directory

This is of course true, because this home directory does not exist, but one for fredb does.

I could of course use a symbolic link from EU/bloggsf to the home directory for fredb, but this seems unnecessary because I think the username map should do the trick. Or can someone tell me otherwise?

Many thanks in anticipation
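As an added illustration (not the poster's files and not Samba's own code), the following Python model walks a username map file the way the documented smbusers syntax describes ('#'/';' comments, one Unix name per line with its SMB aliases, '@group' members, '*' wildcard, '!' to stop after a match) and then expands the %D/%u variables from the [homes] path in the smb.conf above. It uses a constructed copy of the smbusers file extended with two extra lines, a constructed group table standing in for getent group, and assumes case-insensitive name comparison.

```python
"""Model of Samba's 'username map' file evaluation and of the %D/%u
substitution used in the [homes] share path above.  Added example: this is
not Samba's code, only a reading of the documented file syntax."""
from typing import Dict, List, Tuple

# Constructed copy of the smbusers file from the post, with two extra lines
# ('!ops = @wheel' and 'auditor = ops') to exercise the '@group' and '!' forms.
SMBUSERS = """\
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
fredb = EU/bloggsf
!ops = @wheel
auditor = ops
"""

# Constructed Unix group membership, standing in for what 'getent group'
# would return on the server.
UNIX_GROUPS: Dict[str, List[str]] = {"wheel": ["alice", "bob"]}

MapEntry = Tuple[bool, str, List[str]]


def parse_map(text: str) -> List[MapEntry]:
    """Parse username-map lines into (stop_after_match, unix_name, smb_names).

    Blank lines and lines starting with '#' or ';' are comments.  A leading
    '!' marks a line after which processing stops if that line matched.
    """
    entries: List[MapEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        stop = line.startswith("!")
        if stop:
            line = line[1:].lstrip()
        if "=" not in line:
            continue  # malformed line: skipped, as smbd would skip it
        unix_name, rhs = (part.strip() for part in line.split("=", 1))
        entries.append((stop, unix_name, rhs.split()))
    return entries


def _token_matches(token: str, name: str, groups: Dict[str, List[str]]) -> bool:
    """One right-hand-side token: '*' matches anything, '@grp' matches the
    group's members, anything else is compared as a literal name.  The
    comparison is case-insensitive here (an assumption of this model)."""
    if token == "*":
        return True
    if token.startswith("@"):
        return name.lower() in (m.lower() for m in groups.get(token[1:], []))
    return token.lower() == name.lower()


def map_username(smb_name: str, entries: List[MapEntry],
                 groups: Dict[str, List[str]] = UNIX_GROUPS) -> str:
    """Walk the map top to bottom.  Every matching line rewrites the name and
    later lines see the rewritten name, unless the matching line carried '!'.
    Unmatched names come back unchanged."""
    current = smb_name
    for stop, unix_name, smb_names in entries:
        if any(_token_matches(tok, current, groups) for tok in smb_names):
            current = unix_name
            if stop:
                break
    return current


def share_path(template: str, domain: str, unix_user: str) -> str:
    """Expand %D (the client's domain) and %u (the Unix user of the session)
    as written in the [homes] 'path' line of the smb.conf above."""
    return template.replace("%D", domain).replace("%u", unix_user)


if __name__ == "__main__":
    entries = parse_map(SMBUSERS)
    for presented in ("EU/bloggsf", "Administrator", "alice", "ops", "carol"):
        mapped = map_username(presented, entries)
        print(f"{presented:12} -> {mapped:8} "
              f"[homes] path {share_path('/home/%D/%u', 'EU', mapped)}")
```

The useful check is to compare what this model returns for a name with what `getent passwd` and `id` report for the same login on the server: the username map is read by smbd for SMB sessions, while a shell login goes through PAM and winbind's NSS view of the account, so if the two disagree the place to look is the NSS side (and `template homedir`) rather than the map file itself.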
