I have a SAMBA 3.0.2a server running against AD. Everything works fine.
I've modified my /etc/pam.d/samba to create account and share on the fly.
What I'm looking for is for samba/pam not to create a share for the computer
account accessing the share.
Thanks!
Here's my configs:
/etc/samba/smb.conf:
[global]
# main - domain membership and security
workgroup = CCSU_ACA_COMP
server string = File Server
obey pam restrictions = yes
security = ADS
realm = STUDENTS.CCSU.EDU
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
interfaces = lo eth0
max log size = 10000
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
load printers = No
log level = 2 passdb:2 auth:2 winbind:2
# netbios config
# setting to 'no' disables other domains users shares to be
created
# in general the user will be rejected since the account name is not
# being cached by winbind
# allow trusted domains = no
lm announce = no
local master = no
domain master = no
os level = 0
# winbind config
winbind uid = 10000-30000
winbind gid = 10000-30000
winbind enum users = no
winbind enum groups = no
template homedir = /cifs/users/%U
template shell = /bin/false
winbind separator = #
[homes]
comment = Home Directory
browsable = no
writable = yes
valid users = %D#%U
invalid users = @"%D#Domain Computers"
create mode = 0664
directory mode = 0775
/etc/pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_mkhomedir.so skel=/etc/skelfile umask=0022
#session required pam_script.so onsessionopen="/etc/samba/add_user.sh"
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
