diff options
author | Günther Deschner <gd@samba.org> | 2005-06-29 14:03:53 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:58:07 -0500 |
commit | 2e7f22e833fbb549f698460f9ed4d81af68b86e9 (patch) | |
tree | 58f04a4311fa6cb4b2acdb33222b8b340675badb /source3/param | |
parent | 3922667cbe6cd56c6d29c88692b7e7d3342c1f1f (diff) | |
download | samba-2e7f22e833fbb549f698460f9ed4d81af68b86e9.tar.gz samba-2e7f22e833fbb549f698460f9ed4d81af68b86e9.tar.bz2 samba-2e7f22e833fbb549f698460f9ed4d81af68b86e9.zip |
r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the POSIX
homedirectory and the loginshell from Active Directory's "Services for Unix".
Enable it with:
winbind sfu support = yes
User-Accounts without SFU-Unix-Attributes will be assigned template-based
Shells and Homedirs as before.
Note that it doesn't matter which version of Services for Unix you use (2.0,
2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell,
msSFU30LoginShell, etc.) automatically.
If you also want to share the same uid/gid-space as SFU then also use PADL's
ad-idmap-Plugin:
idmap backend = ad
When using the idmap-plugin only those accounts will appear in Name Service
Switch that have those UNIX-attributes which avoids potential uid/gid-space
clashes between SFU-ids and automatically assigned idmap-ids.
Guenther
(This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
Diffstat (limited to 'source3/param')
-rw-r--r-- | source3/param/loadparm.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 15eee5313c..d584997f81 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -226,6 +226,7 @@ typedef struct int oplock_break_wait_time; int winbind_cache_time; int winbind_max_idle_children; + BOOL bWinbindSFUSupport; int iLockSpinCount; int iLockSpinTime; char *szLdapMachineSuffix; @@ -1237,6 +1238,7 @@ static struct parm_struct parm_table[] = { {"winbind trusted domains only", P_BOOL, P_GLOBAL, &Globals.bWinbindTrustedDomainsOnly, NULL, NULL, FLAG_ADVANCED}, {"winbind nested groups", P_BOOL, P_GLOBAL, &Globals.bWinbindNestedGroups, NULL, NULL, FLAG_ADVANCED}, {"winbind max idle children", P_INTEGER, P_GLOBAL, &Globals.winbind_max_idle_children, NULL, NULL, FLAG_ADVANCED}, + {"winbind sfu support", P_BOOL, P_GLOBAL, &Globals.bWinbindSFUSupport, NULL, NULL, FLAG_ADVANCED}, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; @@ -1582,6 +1584,7 @@ static void init_globals(void) Globals.bWinbindTrustedDomainsOnly = False; Globals.bWinbindNestedGroups = False; Globals.winbind_max_idle_children = 3; + Globals.bWinbindSFUSupport = False; Globals.bEnableRidAlgorithm = True; @@ -2006,6 +2009,7 @@ FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize); FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_INTEGER(lp_winbind_max_idle_children, &Globals.winbind_max_idle_children) +FN_GLOBAL_BOOL(lp_winbind_sfu_support, &Globals.bWinbindSFUSupport) FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) |