samba - May 2013 - "nis homedir" issue on samba- 3.6.9-151.el6 (CentOS 6.4 64bit)

maybe there is a bug regarding the use of nis to mount the user's home
directory at the login or my misconfiguration.
After the CentOS 6.4 (64bit) installation I checked for the latest samba
version on the official repository using yum: the latest version (that was
already installed) is samba- 3.6.9-151.el6.
>From "man smb.conf" I have seen that "nis homedir" is
not yet deprecated, I
used it a decade ago on samba-2.2.12 with successful.
On CentOS 6.4 I don't use ldap, but only nis and the latter works without
problem, I installed also autofs (auto.home).
autofs+nis are simple and work great, I can 'su' home users on nfs
without
problem.


[global]

   workgroup = DORK   ;changed for privacy
   netbios name = lince
   server string = DMIT domain server
   interfaces = eth0

;   smb ports = 445

   hosts allow = 129.123.38., 139.123.39., 179.21.23., 127. ;changed for
privacy
   hosts deny = ALL

   os level = 33
   domain master = yes
   local master = yes
   preferred master = yes
   domain logons = yes
   security = user
   guest accout = guest
   encrypt passwords = yes
   check password script = /usr/local/sbin/crackcheck -d
/usr/share/cracklib/pw_dict

   smb passwd file = /etc/samba/smbpasswd
   passdb backend = smbpasswd
   username map = /etc/samba/smbusers

   time server = Yes

   log file = /var/log/samba/pc/%m.log

   nis homedir = yes
   homedir map = auto.home

   null passwords = yes
   client lanman auth = no

   logon script = logon.bat
   logon path    logon drive = M:
   logon home = \\%N\%U

   wins support = no
   wins server = winsserver  ;changed for privacy

   log level = 2
   lock directory = /var/log/samba/locks/
   state directory = /var/log/samba/state/
   cache directory = /var/log/samba/cache/
   pid directory = /var/log/samba/pid/
   usershare path = /var/log/samba/usershare/
   printjob username = %M\%U
   hide dot files = No[netlogon]
   path = /etc/samba/netlogon

;   max protocol = smb2

   kernel oplocks = no
   oplocks = no
   level2 oplocks = no
   posix locking = no

   follow symlinks = yes
   wide links = yes
   unix extensions = no
   nt acl support = no

   printing = lprng
   printcap name = /usr/local/samba/lib/printcap
   load printers = yes
   print command = /usr/bin/lpr -P%p %s; rm %s
   lpq command = /usr/bin/lpq -P%p
   lprm command = /usr/bin/lprm -P%p %j
   printcap cache time = 0

### speed tuning
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
   write raw = yes
   read raw = no

###  for japanese font :(
   dos charset = cp932
   display charset = cp932
   unix charset = cp932

;  profiles drammatically slow the logout so I disabled
;  [profiles]
;  comment = Network Profiles Share
;  path = /etc/samba/profiles
;  read only = No
;  store dos attribute = Yes
;  create mask = 0600
;  directory mask = 0700
;  browseable = no


[netlogon]
   path = /etc/samba/netlogon
   writeable = no
   public = yes

[root]
   comment = Root di %h
   path = /
   read only = yes
   public = no
   locking = no

[printers]
   printable = yes
   public = yes
   writable = no
   guest ok = yes

   #create mode = 0700

[homes]
   comment = Users Home Directories
   read only = No
   create mask = 0644
   directory mask = 0711
   browseable = No
   valid users = %S
;  %S = the name of the current service, if any. service = map name,
;  so map name A-USER can only be connected by A-USER, %S = %u
;
;  By default, \\server\username shares can be connected to by anyone
;  with access to the samba server. This parameter make sure that only
;  username can connect to \\server\username

[project]
   comment = Group project directories
   path = /usr/local/samba/lib/prj  ;this path contains several links to nfs
   read only = no
   writable = yes
   create mode = 0775
   force create mode = 0775
   directory mode = 02775
   force directory mode = 02775
   public = no
   oplocks = no
,,,,,,,,,,,, continues but not important!



As you can see in the smb.conf  I added 'nis homedir = yes' and
'homedir
map = auto.home'
Samba- 3.6.9-151.el6 is included in CentOS 6.4 so to check if has been
compiled with configure --with-automount I used the command 'smbd -b|grep
-i automount':

  [root at dork]#smbd -b| grep -i automount
        WITH_AUTOMOUNT
        WITH_AUTOMOUNT

this is a piece of my /etc/auto.home:

pippo          server1:/dati3/export/home/&
pluto         server2:/iscsi/home/&
#paperino                 server1:/dati2/export/home/&
mickeymouse            server2:/iscsi/home/&
spiderman         server1:/dati2/export/home/&
,,,,,,,,,,, continues but not important!

Now after samba configuration I'm able to join the 'DORK' domain
from win7
and at login the latter mounts all resources declared through logon.bat
without problem except the user's home directory because 'nis
homedir'
fails.

I think, M: is not mounted on win7 because the variable %N is black
(strange!), I can say that because I also added %N to the file log name
'log file = /var/log/samba/test/%N_%p.log (but even %p is blank!), from man
smb.conf The NIS auto.map entry is split up as %N:%p, and if
--with-automount is not added during the compile %N become %L.....but in my
case %N is black not %L...


   logon drive = M:
   logon home = \\%N\%U


After, I did other tests: I started winbind services but I think nis no
needs it

You can see the log regarding the connection between the samba server and a
win7 pc named 'ORDONA', login username 'guest', all on
http://www.wepaste.com/vincenzo/


Where 'nis homedir' fails? Or is there a known bug?



-- 
Vincenzo De Sanctis

can be a pam problem?

[root at dork]# cat /etc/pam.d/samba
#%PAM-1.0
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth
password   include      password-auth



2013/5/1 Vincenzo De Sanctis <vincenzo.desanctis at gmail.com>
> maybe there is a bug regarding the use of nis to mount the user's home
> directory at the login or my misconfiguration.
> After the CentOS 6.4 (64bit) installation I checked for the latest samba
> version on the official repository using yum: the latest version (that was
> already installed) is samba- 3.6.9-151.el6.
> From "man smb.conf" I have seen that "nis homedir" is
not yet deprecated,
> I used it a decade ago on samba-2.2.12 with successful.
> On CentOS 6.4 I don't use ldap, but only nis and the latter works
without
> problem, I installed also autofs (auto.home).
> autofs+nis are simple and work great, I can 'su' home users on nfs
without
> problem.
>
>
> [global]
>
>    workgroup = DORK   ;changed for privacy
>    netbios name = lince
>    server string = DMIT domain server
>    interfaces = eth0
>
> ;   smb ports = 445
>
>    hosts allow = 129.123.38., 139.123.39., 179.21.23., 127. ;changed for
> privacy
>    hosts deny = ALL
>
>    os level = 33
>    domain master = yes
>    local master = yes
>    preferred master = yes
>    domain logons = yes
>    security = user
>    guest accout = guest
>    encrypt passwords = yes
>    check password script = /usr/local/sbin/crackcheck -d
> /usr/share/cracklib/pw_dict
>
>    smb passwd file = /etc/samba/smbpasswd
>    passdb backend = smbpasswd
>    username map = /etc/samba/smbusers
>
>    time server = Yes
>
>    log file = /var/log/samba/pc/%m.log
>
>    nis homedir = yes
>    homedir map = auto.home
>
>    null passwords = yes
>    client lanman auth = no
>
>    logon script = logon.bat
>    logon path >    logon drive = M:
>    logon home = \\%N\%U
>
>    wins support = no
>    wins server = winsserver  ;changed for privacy
>
>    log level = 2
>    lock directory = /var/log/samba/locks/
>    state directory = /var/log/samba/state/
>    cache directory = /var/log/samba/cache/
>    pid directory = /var/log/samba/pid/
>    usershare path = /var/log/samba/usershare/
>    printjob username = %M\%U
>    hide dot files = No[netlogon]
>    path = /etc/samba/netlogon
>
> ;   max protocol = smb2
>
>    kernel oplocks = no
>    oplocks = no
>    level2 oplocks = no
>    posix locking = no
>
>    follow symlinks = yes
>    wide links = yes
>    unix extensions = no
>    nt acl support = no
>
>    printing = lprng
>    printcap name = /usr/local/samba/lib/printcap
>    load printers = yes
>    print command = /usr/bin/lpr -P%p %s; rm %s
>    lpq command = /usr/bin/lpq -P%p
>    lprm command = /usr/bin/lprm -P%p %j
>    printcap cache time = 0
>
> ### speed tuning
>    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
>    write raw = yes
>    read raw = no
>
> ###  for japanese font :(
>    dos charset = cp932
>    display charset = cp932
>    unix charset = cp932
>
> ;  profiles drammatically slow the logout so I disabled
> ;  [profiles]
> ;  comment = Network Profiles Share
> ;  path = /etc/samba/profiles
> ;  read only = No
> ;  store dos attribute = Yes
> ;  create mask = 0600
> ;  directory mask = 0700
> ;  browseable = no
>
>
> [netlogon]
>    path = /etc/samba/netlogon
>    writeable = no
>    public = yes
>
> [root]
>    comment = Root di %h
>    path = /
>    read only = yes
>    public = no
>    locking = no
>
> [printers]
>    printable = yes
>    public = yes
>    writable = no
>    guest ok = yes
>
>    #create mode = 0700
>
> [homes]
>    comment = Users Home Directories
>    read only = No
>    create mask = 0644
>    directory mask = 0711
>    browseable = No
>    valid users = %S
> ;  %S = the name of the current service, if any. service = map name,
> ;  so map name A-USER can only be connected by A-USER, %S = %u
> ;
> ;  By default, \\server\username shares can be connected to by anyone
> ;  with access to the samba server. This parameter make sure that only
> ;  username can connect to \\server\username
>
> [project]
>    comment = Group project directories
>    path = /usr/local/samba/lib/prj  ;this path contains several links to
> nfs
>    read only = no
>    writable = yes
>    create mode = 0775
>    force create mode = 0775
>    directory mode = 02775
>    force directory mode = 02775
>    public = no
>    oplocks = no
> ,,,,,,,,,,,, continues but not important!
>
>
>
> As you can see in the smb.conf  I added 'nis homedir = yes' and
'homedir
> map = auto.home'
> Samba- 3.6.9-151.el6 is included in CentOS 6.4 so to check if has been
> compiled with configure --with-automount I used the command 'smbd
-b|grep
> -i automount':
>
>   [root at dork]#smbd -b| grep -i automount
>         WITH_AUTOMOUNT
>         WITH_AUTOMOUNT
>
> this is a piece of my /etc/auto.home:
>
> pippo          server1:/dati3/export/home/&
> pluto         server2:/iscsi/home/&
> #paperino                 server1:/dati2/export/home/&
> mickeymouse            server2:/iscsi/home/&
> spiderman         server1:/dati2/export/home/&
> ,,,,,,,,,,, continues but not important!
>
> Now after samba configuration I'm able to join the 'DORK'
domain from win7
> and at login the latter mounts all resources declared through logon.bat
> without problem except the user's home directory because 'nis
homedir'
> fails.
>
> I think, M: is not mounted on win7 because the variable %N is black
> (strange!), I can say that because I also added %N to the file log name
> 'log file = /var/log/samba/test/%N_%p.log (but even %p is blank!), from
man
> smb.conf The NIS auto.map entry is split up as %N:%p, and if
> --with-automount is not added during the compile %N become %L.....but in my
> case %N is black not %L...
>
>
>    logon drive = M:
>    logon home = \\%N\%U
>
>
> After, I did other tests: I started winbind services but I think nis no
> needs it
>
> You can see the log regarding the connection between the samba server and
> a win7 pc named 'ORDONA', login username 'guest', all on
> http://www.wepaste.com/vincenzo/
>
>
> Where 'nis homedir' fails? Or is there a known bug?
>
>
>
> --
> Vincenzo De Sanctis
>


-- 
Vincenzo De Sanctis