Derek Cordeiro
2011-Aug-31 14:47 UTC
[Samba] Auto creation of home directories on Samba-3.5.4(CentOS 6) using PAM authenticating via ADS
Hi,
I have installed Samba 3.5.4 on CentOS 6 and have set it up to
authenticate to a Windows 2008 Domain Controller. When I do a "su -
some-domain-user", the home directory gets created. However, I want
the home directory to be created when a user accesses the Samba
shares (no shell access). Following are the relevant configurations.
What are the PAM changes I need to make? Help is much appreciated.
==smb.conf==
[global]
workgroup = RADON
realm = RADON.LAB
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = true
winbind offline logon = false
domain master = no
obey pam restrictions = yes
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
[homes]
comment = Home Directories
browseable = no
writable = yes
[public]
comment = Public Stuff
path = /home/shared
public = yes
writable = yes
printable = no
==/etc/pam.d/samba==
#%PAM-1.0
auth required pam_nologin.so
auth include password-auth
account include password-auth
session include password-auth
password include password-auth
==/etc/pam.d/password-auth==
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_mkhomedir.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
------------------------------------------------------------------------------------------------
Regards,
Derek
TAKAHASHI Motonobu
2011-Sep-01 15:34 UTC
[Samba] Auto creation of home directories on Samba-3.5.4(CentOS 6) using PAM authenticating via ADS
From: Derek Cordeiro <cordeiroderek at gmail.com>
Date: Wed, 31 Aug 2011 20:17:43 +0530

> I have installed samba 3.5.4 on Centos 6 and have set it up to
> authenticate to a Windows 2008 Domain Controller. When I do a "su -
> some-domain-user", the home directory gets created. However, I want
> the home directory to be created when a user accesses the samba
> shares(no shell access). Following are the relevant configurations.
> What are the PAM changes I need to make? Help is much appreciated.

I met the same problem with Samba 3.5.6 on Squeeze.

A workaround is to use "root preexec" instead of pam_mkhomedir or
"pam_winbind.so mkhomedir", both of which do not work as far as I examined.

http://lists.samba.org/archive/samba/2011-February/161118.html

At least on Debian lenny and CentOS 5.4, pam_mkhomedir worked.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
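
The "root preexec" workaround named in the reply above, sketched as an added example that is not part of the thread or of Samba's own code. Because the hook runs as root on a client-supplied name, it validates the name and path before creating anything. The script path, the HOME_BASE variable and the accepted name pattern are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed wiring in the [homes] share:
#   root preexec = /usr/local/sbin/smb-mkhome.sh %u %H
# The script path, HOME_BASE and the name pattern are assumptions.
HOME_BASE="${HOME_BASE:-/home}"

# make_home USER HOMEDIR
# Create HOMEDIR (mode 0700, owned by USER) if it does not exist yet.
# Returns 0 when a usable directory is present, non-zero on any refusal.
make_home() {
    user=$1
    home=$2

    # The script runs as root on client-influenced input: accept only a
    # conservative name (no slashes, no leading dot or dash).
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "smb-mkhome: refusing user name" >&2; return 1 ;;
    esac
    # The target must sit below HOME_BASE and contain no . or .. component.
    case $home in
        "$HOME_BASE"/*) ;;
        *) echo "smb-mkhome: home outside $HOME_BASE" >&2; return 1 ;;
    esac
    case $home/ in
        */../*|*/./*) echo "smb-mkhome: path traversal" >&2; return 1 ;;
    esac

    # Never reuse a pre-planted symlink or a non-directory.
    if [ -L "$home" ]; then echo "smb-mkhome: symlink" >&2; return 1; fi
    if [ -d "$home" ]; then return 0; fi
    if [ -e "$home" ]; then echo "smb-mkhome: not a directory" >&2; return 1; fi

    # Parent (e.g. /home/RADON) is created root-owned; mkdir without -p
    # fails if the final path appeared in the meantime, so no race is followed.
    mkdir -p -m 0755 "$(dirname "$home")" || return 1
    mkdir -m 0700 "$home" || return 1
    # Hand the directory to the user; only root is able to chown.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$user" "$home" || { rmdir "$home"; return 1; }
    fi
    return 0
}

# Samba calls the script with two arguments; sourcing it defines the function only.
if [ "$#" -ge 2 ]; then
    make_home "$1" "$2"
fi
```

Unlike pam_mkhomedir, this sketch does not copy /etc/skel into the new directory.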