On 02/12/2022 13:05, Piviul via samba wrote:> On 12/2/22 09:24, Piviul via samba wrote: >> On 12/2/22 08:59, Piviul via samba wrote: >>> Hi all, I have a PC joined to an AD domain that authenticate users >>> using pam_winbind module. I have set the option mkhomedir and all >>> seems to works except that in the domain home folders are created >>> even home folders of the PCs. There is a way to instruct pam_winbind >>> to create only user's home folders and don't create PC's home folders? >> valid users = %S in [homes] section seems to solve the problem. > > doesn't works, in the folder where winbind creates the users home > folders I continue to find PCs's newly home folders... > > :( > > Piviul > > >I think you are going to have to give us more info. For some reason, PAM seems to be treating the computers as users (which they are in AD, but rather special users), also it isn't winbind that creates home directories, it is a PAM plugin. What OS ? How have you set the mkhomedir option ? Why are the PC's connecting as users ? Rowland
Sorry for the answer delay... On 12/2/22 14:13, Rowland Penny via samba wrote:> I think you are going to have to give us more info. For some reason, > PAM seems to be treating the computers as users (which they are in AD, > but rather special users), also it isn't winbind that creates home > directories, it is a PAM plugin.yes, you are right, in effect I can't find PC names in users $ wbinfo --domain-users | grep $(hostname) $ or in groups $ wbinfo --domain-groups | grep $(hostname) $ but for PAM the PC is a user: $ getent passwd $(wbinfo --own-domain)\\$(hostname)$ DOMINIOCSA\psala-lx$:*:21298:10513::/home/DOMINIOCSA/psala-lx_:/bin/bash and it is a group too: $ getent group $(wbinfo --own-domain)\\$(hostname)$ DOMINIOCSA\psala-lx$:x:21298:DOMINIOCSA\psala-lx$ in my nsswitch.conf I have only set: $ grep winbind /etc/nsswitch.conf passwd:???????? files winbind systemd group:????????? files winbind systemd There is something else I have to do to instruct PAM how to get users?> What OS ?from debian stretch with built-in samba 4.5.16 to debian bookworm with built-in samba 4.17.3.> How have you set the mkhomedir option ?$ grep mkhomedir /etc/security/pam_winbind.conf mkhomedir = yes> Why are the PC's connecting as users ?I don't know, I was thinking was inside the smb protocol but... never take anything for granted ;) Best regards Piviul