Thanks for the suggestions.

I wanted unix users (exclusively sysadmins and developers) to still get
their normal unix login directories. On the other hand, since this is a
file server, any connection via samba, should connect people to their
samba file directories.

It looks like your suggestion is "ldapsam:trusted = yes" in smb.conf.
Here's a good explanation from the Samba docs:

By default, Samba as a Domain Controller with an LDAP backend needs
to use the Unix-style NSS subsystem to access user and group
information. Due to the way Unix stores user information in
/etc/passwd and /etc/group this inevitably leads to inefficiencies.
One important question a user needs to know is the list of groups he
is member of. The plain UNIX model involves a complete enumeration
of the file /etc/group and its NSS counterparts in LDAP. UNIX has
optimized functions to enumerate group membership. Sadly, other
functions that are used to deal with user and group attributes lack
such optimization.

To make Samba scale well in large environments, the ldapsam:trusted
= yes option assumes that the complete user and group database that
is relevant to Samba is stored in LDAP with the standard
posixAccount/posixGroup attributes. It further assumes that the
Samba auxiliary object classes are stored together with the POSIX
data in the same LDAP object. If these assumptions are met,
ldapsam:trusted = yes can be activated and Samba can bypass the NSS
system to query user group memberships. Optimized LDAP queries can
greatly speed up domain logon and administration tasks. Depending on
the size of the LDAP database a factor of 100 or more for common
queries is easily achieved.


Gémes Géza wrote:
> >From my memory:

> Unless you use ldapsam trusted = yes parameter samba does an nss lookup
> to find out the details of the user, so you either
> 1. remove local users
> 2. synchronize them to ldap
> 3. configure /etc/nsswitch.conf to look in ldap first then in files
> 4. tell samba to trust the ldap database for nss information with the
> parameter mentioned above.
> Regards
> Geza
>> I have the [homes] section set up in my smb.conf so that
>> \\\user connects to the user's home directory. Since I am
>> using OpenLDAP as a backend via smbldap-tools, for most users the home
>> directory comes from the homeDirectory variable in OpenLDAP.
>> However, when I have a user who also has a login on the samba machine,
>> that is, an entry in /etc/passwd, Samba seems to ignore the value of
>> homeDirectory and use the entry in /etc/passwd instead.
>> Here is the section from smb.conf
>> [homes]
>> comment = %u's Personal Share Directory
>> browseable = no
>> valid users = %S @admin
>> write list = %S @admin
>> create mask = 0600
>> directory mask = 0700
>> I even tried adding the line
>> path = /data/home/%S
>> to the [homes] section, but it seems to be ignored.
>> Any suggestions how I can make Samba prefer the value in HomeDirectory
>> over /etc/passwd?
>> Wes



Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
To unsubscribe from this list go to the following URL and read the