I've got a brand new installation of CentOS minimal, and have installed Samba as follows:
yum install krb5-workstation samba
Firstly, have I got all the necessary packages to become a domain member? The above command also installs for dependencies:
libtalloc libtdb samba-common samba-winbind samba-winbind-clients
In my smb.conf I have the lines:
template shell = /bin/bash
template homedir = /home/%D/%U
I've joined to the domain with:
net ads join -U <admin>
I can now use getent passwd and see AD users as well as local users, but all the AD accounts have shell listed as /bin/false. They do correctly have home directories as /home/<DOMAIN>/<username>, though.
What could be causing this behaviour? All AD users currently get logged out on authentication!
It depends on what type of backend you are using. The order doesn't matter but your templates will only be applied if you are using template driven backends like idmap_rid.
Using testparm I discovered that this was due to trying to specify the Winbind separator character as \\ - in an attempt to get it to do the standard backslash that Windows uses. Because of the parsing of smb.conf, that is interpreted as a line continuation, so the line after the separator is seen as the end of that directive, and therefore ignored! When placing the template homedir first, Samba ignored it, and when placing the template shell first, Samba ignored that command instead. Since a single backslash is the default separator for Winbind, I have removed the separator line, and both template directives now work.
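Added example (not part of the original posts): a small Python lint for the failure described in the answer above, where a trailing backslash in smb.conf absorbs the directive on the next line. It uses a simplified model of the continuation rule, not Samba's own parser; SAMPLE_CONF and all function names are constructed for illustration.

```python
# Simplified model (assumption, not Samba's own parser): a line whose last
# non-blank character is a backslash is joined with the following line.

# Constructed sample reproducing the smb.conf described above.
SAMPLE_CONF = r"""[global]
    security = ads
    winbind separator = \\
    template shell = /bin/bash
    template homedir = /home/%D/%U
"""

def logical_lines(text):
    """Yield (first_line_no, joined_text, absorbed_physical_lines)."""
    pending = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if pending is None:
            pending, start, absorbed = "", no, []
        else:
            absorbed.append((no, line))
        if line.endswith("\\"):
            pending += line[:-1]        # drop the backslash, keep reading
            continue
        yield start, pending + line, absorbed
        pending = None
    if pending is not None:             # file ended on a continuation
        yield start, pending, absorbed

def is_param(line):
    return "=" in line and not line.startswith(("#", ";", "["))

def swallowed_directives(text):
    """Return (line_no, swallowed_param, absorbing_param) for each directive
    that was merged into the value of an earlier one."""
    found = []
    for _, joined, absorbed in logical_lines(text):
        owner = joined.split("=", 1)[0].strip()
        found += [(no, line.split("=", 1)[0].strip(), owner)
                  for no, line in absorbed if is_param(line)]
    return found

def effective_params(text):
    """Parameters that survive as directives of their own."""
    pairs = (j.split("=", 1) for _, j, _ in logical_lines(text) if is_param(j))
    return {name.strip(): value.strip() for name, value in pairs}

if __name__ == "__main__":
    for no, lost, owner in swallowed_directives(SAMPLE_CONF):
        print(f"line {no}: '{lost}' absorbed into '{owner}'")
```

Running the same check against the output of testparm -s is a useful cross-check, since a swallowed parameter will simply be missing from the dump.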