Mapping AD authenticated users to Linux users
Hi, I have posted this question elsewhere on other forums, but am not getting very far with it, so this is my first post on this forum.

I have configured Kerberos/Samba/Winbind on a RHEL 3 server, so users can log in to the RHEL 3 server using their Windows credentials, and be authenticated against our Windows 2003 R2 PDC/AD. This all works fine. However, the Windows username that the user uses does not match the Linux username that already exists on the RHEL 3 server. I would like to be able to map the Windows username to the Linux username, so once they have logged in, they will assume their original Linux username and home directory. (This will save a lot of work modifying scripts etc. that have been in place for many years.)

My smb.conf file looks like this:

[global]
   log level = 10
   workgroup = EU
   server string = sectest server
   realm = EU.MYDOMAIN.LOCAL
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ADS
   password server = MY-PDC.EU.MYDOMAIN.LOCAL
   username map = /etc/samba/smbusers
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   winbind use default domain = yes

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writeable = yes
   path = /home/%D/%u
   valid users = %u

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   printable = yes

My smbusers file looks like this:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
fredb = EU/bloggsf

In the above example, the Windows username is bloggsf, and the Linux name is fredb.
I am fairly sure this is the right way to approach this, but it just does not seem to work, because once I have authenticated with bloggsf, it fails to find the home directory, saying this:

Could not chdir to home directory /home/EU/bloggsf: No such file or directory

This is of course true, because this home directory does not exist, but one for fredb does. I could of course use a symbolic link to EU/bloggsf to a home directory for fredb, but this seems unnecessary because I think the username map should do the trick. Or can someone tell me otherwise?

Many thanks in anticipation