Hello all,

I have a functional samba/winbind file server (SLES 10) that's a member server of an Active Directory domain. I'm able to successfully resolve user and group accounts from AD. The problem I'm having is samba isn't creating home directories automatically when I try to map to an AD user share from Win XP. What I am able to do is, when I ssh into the machine with an AD user, it creates the home directory. I can't figure out why because my pam.d configs are configured for this to happen. But obviously I'm missing something. One thing I did try as a result from googling is changing the /home/MYDOM directory to 777, but no cigar. Here's my pam.d configs and smb.conf below. Thanks in advance.

/etc/pam.d/samba:
auth include common-auth
account include common-account
password include common-password
session include common-session

/etc/pam.d/sshd
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session

/etc/pam.d/common-session
session required pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so

======================================

/etc/samba/smb.conf:
[global]
workgroup = MYDOM
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
logon drive = H:
idmap gid = 10000-20000
idmap uid = 10000-20000
realm = MYDOM.ORG
security = ADS
template homedir = /home/%D/%U
template shell = /bin/bash
winbind refresh tickets = yes
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

This baffled me for a while too. I eventually found a comment to a blog article that answered the question. You have to add

    obey pam restrictions = yes

to smb.conf

Also, I wouldn't leave /home/MYDOM with 777 perms.

Mike

-----Original Message-----
From: samba-bounces+mdavidson=mountwashington.org@lists.samba.org [mailto:samba-bounces+mdavidson=mountwashington.org@lists.samba.org] On Behalf Of Golden Butler
Sent: Friday, October 13, 2006 11:06 AM
To: Samba Mailing List
Subject: [Samba] Home Directories on the fly?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

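As an added example (not part of the thread and not Samba project code), this shell script checks the three points the reply above turns on: that `obey pam restrictions` is enabled in smb.conf, that the samba PAM service's session stack reaches pam_mkhomedir.so, and that the home parent directory is not world-writable. The function names and the three path arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the settings discussed in this thread.
# Paths are arguments, so it can be pointed at copies of the real files.

# smb_param FILE NAME: print the last value set for NAME. smb.conf ignores
# case and whitespace in parameter names, so compare in normalised form.
smb_param() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }
        { i = index($0, "="); if (!i) next
          key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
          if (key == want) { val = substr($0, i + 1)
                             gsub(/^[ \t]+|[ \t]+$/, "", val); last = val } }
        END { print tolower(last) }' "$1"
}

# pam_session_has DIR SERVICE MODULE: true if SERVICE's session stack
# reaches MODULE, following "session include <file>" lines.
pam_session_has() {
    [ -r "$1/$2" ] || return 1
    while read -r type control arg rest; do
        [ "$type" = session ] || continue
        if [ "$control" = include ]; then
            if pam_session_has "$1" "$arg" "$3"; then return 0; fi
        elif [ "$arg" = "$3" ]; then
            return 0
        fi
    done < "$1/$2"
    return 1
}

# world_writable PATH: true if "other" has write permission (e.g. mode 777).
world_writable() {
    case "$(ls -ld "$1" 2>/dev/null)" in ????????w*) return 0 ;; esac
    return 1
}

# audit SMBCONF PAMDIR HOMEPARENT: print one line per finding.
audit() {
    case "$(smb_param "$1" 'obey pam restrictions')" in
        yes|true|1) ;;
        *) echo "smb.conf: obey pam restrictions is off; smbd skips PAM session modules" ;;
    esac
    pam_session_has "$2" samba pam_mkhomedir.so ||
        echo "pam: samba session stack never reaches pam_mkhomedir.so"
    if world_writable "$3"; then echo "perms: $3 is world-writable"; fi
}

if [ "$#" -eq 3 ]; then audit "$@"; fi
```

Run it as `sh audit.sh /etc/samba/smb.conf /etc/pam.d /home/MYDOM` (the script file name is arbitrary); no output means all three checks passed.
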
If I understand you correctly, you have user jsmith that wants to connect to /your_samba_share_root/home/jsmith (or whatever your home path is). When your Windows XP users log in to the domain, they are not getting their home directories mapped.

If this is the case, your home directory mapping is the job of Active Directory itself. Are you using your Samba server as an AD member server? If not and it is all Windows based domain controllers, you need to set up your home share configuration in the user account in AD.

1) Open Active Directory Users and Computers (on your DC or local PC if you installed it there)
2) Right-click on the user account jsmith (or whatever) and select Properties
3) Click the Profile tab
4) Click the Connect option button
5) Select the drive letter you want the share to be under (we use H for Home)
6) Put in the full UNC path (i.e. \\your_samba_server_name\home\jsmith)
7) Click OK
8) Close Active Directory Users and Computers

Ta da!

NOTES:

When creating new users, you can copy an existing user and it will automatically add this configuration to the new user account AND create their home share on the Samba server IFF you give domain full rights to the /home folder. You MUST go back and configure permissions properly on this folder after creating a new account.

You need to be diligent and consistent when choosing a global home share. Make sure you don't later try to map a drive to that letter. It won't work.

HTH,

Aaron Kincer

Thanks! That was right on the money! You've helped me in my bid to get a raise!

- Golden

_____

From: Michael Davidson [mailto:mdavidson@mountwashington.org]
To: 'Golden Butler' [mailto:golden@cnt.org]
Cc: samba@lists.samba.org
Sent: Fri, 13 Oct 2006 11:21:23 -0500
Subject: RE: [Samba] Home Directories on the fly?

On 13 Oct 2006, at 17:28, Aaron Kincer wrote:
> ....
> If this is the case, your home directory mapping is the job of
> Active Directory itself.....
> Golden Butler wrote:
>> ...
>> /etc/pam.d/samba:
>> ...
>> session include common-session
>> ...
>> /etc/pam.d/common-session
>> session required pam_mkhomedir.so
>> ...

Hope this clarifies.

Stroller.