summaryrefslogtreecommitdiff
path: root/source3/param
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2005-06-29 14:03:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:58:07 -0500
commit2e7f22e833fbb549f698460f9ed4d81af68b86e9 (patch)
tree58f04a4311fa6cb4b2acdb33222b8b340675badb /source3/param
parent3922667cbe6cd56c6d29c88692b7e7d3342c1f1f (diff)
downloadsamba-2e7f22e833fbb549f698460f9ed4d81af68b86e9.tar.gz
samba-2e7f22e833fbb549f698460f9ed4d81af68b86e9.tar.bz2
samba-2e7f22e833fbb549f698460f9ed4d81af68b86e9.zip
r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the POSIX
homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
Diffstat (limited to 'source3/param')
-rw-r--r--source3/param/loadparm.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 15eee5313c..d584997f81 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -226,6 +226,7 @@ typedef struct
int oplock_break_wait_time;
int winbind_cache_time;
int winbind_max_idle_children;
+ BOOL bWinbindSFUSupport;
int iLockSpinCount;
int iLockSpinTime;
char *szLdapMachineSuffix;
@@ -1237,6 +1238,7 @@ static struct parm_struct parm_table[] = {
{"winbind trusted domains only", P_BOOL, P_GLOBAL, &Globals.bWinbindTrustedDomainsOnly, NULL, NULL, FLAG_ADVANCED},
{"winbind nested groups", P_BOOL, P_GLOBAL, &Globals.bWinbindNestedGroups, NULL, NULL, FLAG_ADVANCED},
{"winbind max idle children", P_INTEGER, P_GLOBAL, &Globals.winbind_max_idle_children, NULL, NULL, FLAG_ADVANCED},
+ {"winbind sfu support", P_BOOL, P_GLOBAL, &Globals.bWinbindSFUSupport, NULL, NULL, FLAG_ADVANCED},
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
@@ -1582,6 +1584,7 @@ static void init_globals(void)
Globals.bWinbindTrustedDomainsOnly = False;
Globals.bWinbindNestedGroups = False;
Globals.winbind_max_idle_children = 3;
+ Globals.bWinbindSFUSupport = False;
Globals.bEnableRidAlgorithm = True;
@@ -2006,6 +2009,7 @@ FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize);
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_INTEGER(lp_winbind_max_idle_children, &Globals.winbind_max_idle_children)
+FN_GLOBAL_BOOL(lp_winbind_sfu_support, &Globals.bWinbindSFUSupport)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)