On Wed, Jun 25, 2008 at 12:06:06PM -0500, Taylor Lewick wrote:
> Hi all. I've set up a test SuSe 10.2 linux machine that is
> authenticating against our active directory. Right now we just create
> users in AD, and then they can log in to the unix box and using
> pam_mkhomedir. We don't add users to the /etc/passwd file, in fact, if
> you try and add a user using useradd -m once they've been setup in AD,
> you get a message saying account already exists.
>
> So Kerberos, AD, Samba, PAM and Winbind are all working.
>
> Right now, if a user logs in to the linux box for the first time using
> ssh, it creates their home directory. Perfect.
>
> But I do have two questions.
>
> If they log in to the box by mounting the samba share via windows, i.e.
> \\servername\share two directories are created. One for their AD
> username, and one for the machine name of their PC. It's not a big deal,
> but is there a way to disable or stop it from creating the machine name
> directory? We won't ever use that directory.
>
> Second, if for any reason we did lose connectivity to our domain
> controllers, no one could log in to the Linux box since there are no
> accounts in /etc/passwd. So is there a way to set it up so that if the
> linux machine can't talk to the domain controller, then someone could
> still log in to the box?

Check out the "winbind offline logon" parameter for details on this:
http://wiki.samba.org/index.php/PAM_Offline_Authentication

Jeremy.
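
The following configuration sketch is an added example, not part of the original thread: it shows the "winbind offline logon" parameter from the reply together with the matching pam_winbind option. It assumes pam_winbind is already in the PAM stack as in the setup described above, and the pam_winbind.conf path is an assumption that may differ by distribution.

```ini
# /etc/samba/smb.conf
# Only the offline-logon line is new; the existing [global] settings stay as they are.
[global]
    # winbindd stores credentials from successful logons in its local cache
    # so they can be checked when no domain controller is reachable.
    winbind offline logon = yes

# /etc/security/pam_winbind.conf  (path is an assumption)
[global]
    # pam_winbind may satisfy a logon from the cached credentials.
    cached_login = yes
```

Only accounts that have logged on successfully at least once while a domain controller was reachable have a cached credential to fall back on. The cache holds credential material on local disk, so it belongs in the host's hardening and backup review.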