What is the trick for having home directories on a samba share be
accessible from a windows machine??
I am using winbind with NT to authenticate -- it works fine. I have users
with accounts on the samba machine, they have the same usernames and
passwords on the NT machine. All users on the samba machine have accounts
in /home Is there some sort of trick with the template homedir command,
and maybe with the allowed users in the homes share??
Here are my files
/etc/pam.d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
/etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password sufficient /lib/security/pam_winbind.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
/etc/pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
smb.conf
# Global parameters
[global]
workgroup = GPREP
netbios name = leonardo
server string = leonardo the lionhearted
interfaces = 172.16.0.2/16
winbind uid=10000-20000
winbind gid=10000-20000
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
winbind separator= +
# from server to domain
security = domain
password server = GOETHE
encrypt passwords = yes
log level = 3
log file = /home/log/samba/log.%e
max log size = 50
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
os level = 33
local master = No
wins proxy = Yes
wins server = 172.16.0.4
# getwd cache = yes
follow symlinks = no
wide links = no
template homedir = /home/%U
template shell = /bin/bash
# template homedir = /home/%D/%U
# template homedir = /home/%D%U
obey pam restrictions = yes
# smb passwd file=/etc/smbpasswd
hosts allow= 172.16.
[homes]
comment = Home Directories
# allow users = "%D+%U"
read only = No
create mask = 0700
directory mask = 0700
browseable = No
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | Message: 13 | Date: Mon, 8 Jul 2002 21:28:04 -0400 (EDT) | From: <jchurch@gprep.org> | To: <samba@lists.samba.org> | Subject: [Samba] home directories & winbind ? | | | What is the trick for having home directories on a samba share be | accessible from a windows machine?? | | I am using winbind with NT to authenticate -- it works fine. I have users | with accounts on the samba machine, they have the same usernames and | passwords on the NT machine. All users on the samba machine have accounts | in /home Is there some sort of trick with the template homedir command, | and maybe with the allowed users in the homes share?? Except they are not the same usernames. Your system will see the usernames as GPREP+username, instead of username (for example if you run 'getent passwd'. This is the ideal application of 'winbind use default domain = yes', which is available since 2.2.4. Buchan - -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9KraRrJK6UGDSBKcRAjrGAKDDeSa1keF6qxdhbkfxNgdxsQrh6wCeOKsZ bjdcTSFzqcpFcAgk2aRwXos=ffDS -----END PGP SIGNATURE-----