cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files winbind
group:          files winbind
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


cat /etc/samba/smb.conf
[global]
        security = ADS
        workgroup = SAMDOM
        realm = SAMDOM.EXAMPLE.COM

        log file = /var/log/samba/%m.log
        log level = 1

        winbind refresh tickets = Yes
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        winbind use default domain = yes

        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

        idmap config * : backend = tdb
        idmap config * : range = 1000-2000

        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:schema_mode = rfc2307
        idmap config SAMDOM:range = 2001-999999
        idmap config SAMDOM:unix_nss_info = yes

        template homedir = /home/%U
        template shell = /bin/bash

        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        winbind use default domain = yes
        restrict anonymous = 2

        # fix dfs error's in log ?
        host msdfs = no

        # https://wiki.samba.org/index.php/PAM_Offline_Authentication
        winbind offline logon = yes

        winbind enum users = yes
        winbind enum groups = yes

OS: Debian 10.4

Best Regards,

On 08.07.20 15:39, Rowland penny via samba wrote:
> On 08/07/2020 14:30, basti via samba wrote:
>> Hello,
>> on my Samba AD I have set homedir to /home/users/<username>.
> I take it you mean 'in' AD and not in the DC's smb.conf
>>
>> Now I have set up a Linux client with pam-winbind and nss-winbind.
>>
>> getent passwd <username> shows /home/users/<username> as home directory.
>>
>> And that dir is created on login.
>> Why does it use the path set on AD and not the path set in smb.conf?
>>
>>
>> grep home -r /etc/pam.d/ /etc/samba/smb.conf /etc/security/pam_winbind.conf
>> /etc/pam.d/common-session:session    optional            pam_mkhomedir.so
>> /etc/samba/smb.conf:       template homedir = /home/%U
>> /etc/security/pam_winbind.conf:# create homedirectory on the fly
>> /etc/security/pam_winbind.conf:mkhomedir = yes
>>
>> I would prefer /home/%U at this client.
>>
>> Best regards,
>>
> What OS
>
> Please post the [global] portion of your smb.conf
>
> Can you also post the contents of /etc/nsswitch.conf
>
> Rowland
On 08/07/2020 15:15, basti via samba wrote:
> cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd:         files winbind
> group:          files winbind
> shadow:         files
> gshadow:        files
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
>
> cat /etc/samba/smb.conf
> [global]
>         security = ADS
>         workgroup = SAMDOM
>         realm = SAMDOM.EXAMPLE.COM
>
>         log file = /var/log/samba/%m.log
>         log level = 1
>
>         winbind refresh tickets = Yes
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         winbind use default domain = yes
>
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>
>         idmap config * : backend = tdb
>         idmap config * : range = 1000-2000
>
>         idmap config SAMDOM:backend = ad
>         idmap config SAMDOM:schema_mode = rfc2307
>         idmap config SAMDOM:range = 2001-999999
>         idmap config SAMDOM:unix_nss_info = yes
>
>         template homedir = /home/%U
>         template shell = /bin/bash
>
>         client use spnego = yes
>         client ntlmv2 auth = yes
>         encrypt passwords = yes
>         winbind use default domain = yes
>         restrict anonymous = 2
>
>         # fix dfs error's in log ?
>         host msdfs = no
>
>         # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>         winbind offline logon = yes
>
>         winbind enum users = yes
>         winbind enum groups = yes
>
> OS: Debian 10.4

OK, which attribute have you set in AD 'homeDirectory' or 'unixHomeDirectory' ?

Rowland
homeDirectory = unset
unixHomeDirectory = /home/users/<username>

I thought I could overwrite it with template homedir = /home/%U

On 08.07.20 16:52, Rowland penny via samba wrote:
> On 08/07/2020 15:15, basti via samba wrote:
>> cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         files winbind
>> group:          files winbind
>> shadow:         files
>> gshadow:        files
>>
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis
>>
>>
>> cat /etc/samba/smb.conf
>> [global]
>>         security = ADS
>>         workgroup = SAMDOM
>>         realm = SAMDOM.EXAMPLE.COM
>>
>>         log file = /var/log/samba/%m.log
>>         log level = 1
>>
>>         winbind refresh tickets = Yes
>>         dedicated keytab file = /etc/krb5.keytab
>>         kerberos method = secrets and keytab
>>         winbind use default domain = yes
>>
>>         load printers = no
>>         printing = bsd
>>         printcap name = /dev/null
>>         disable spoolss = yes
>>
>>         idmap config * : backend = tdb
>>         idmap config * : range = 1000-2000
>>
>>         idmap config SAMDOM:backend = ad
>>         idmap config SAMDOM:schema_mode = rfc2307
>>         idmap config SAMDOM:range = 2001-999999
>>         idmap config SAMDOM:unix_nss_info = yes
>>
>>         template homedir = /home/%U
>>         template shell = /bin/bash
>>
>>         client use spnego = yes
>>         client ntlmv2 auth = yes
>>         encrypt passwords = yes
>>         winbind use default domain = yes
>>         restrict anonymous = 2
>>
>>         # fix dfs error's in log ?
>>         host msdfs = no
>>
>>         # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>>         winbind offline logon = yes
>>
>>         winbind enum users = yes
>>         winbind enum groups = yes
>>
>> OS: Debian 10.4
>
> OK, which attribute have you set in AD 'homeDirectory' or
> 'unixHomeDirectory' ?
>
> Rowland
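
Added example, not part of any message in the thread: per idmap_ad(8), `unix_nss_info = yes` makes winbind take the home directory and shell from the AD RFC2307 attributes, and `template homedir` applies only when the attribute is missing or the option is `no`. The sketch below resolves that precedence for the posted settings; the user `alice`, the function names and the trimmed config are constructed for illustration, and only the %U and %D substitutions are handled.

```python
import re

# Constructed sample: the client-side [global] settings from the thread that
# decide where winbind gets a user's home directory.
SMB_CONF = """
[global]
    security = ADS
    workgroup = SAMDOM
    idmap config * : backend = tdb
    idmap config SAMDOM:backend = ad
    idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:unix_nss_info = yes
    template homedir = /home/%U
"""

def parse_global(text):
    """Return [global] options keyed the way Samba compares parameter
    names: case-insensitive, whitespace ignored."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[re.sub(r"\s+", "", key).lower()] = value.strip()
    return opts

def home_source(opts, domain):
    """'ad' if winbind reads the home directory from AD, else 'template'."""
    prefix = f"idmapconfig{domain.lower()}:"
    nss = opts.get(prefix + "unix_nss_info", "no").lower()  # default is no
    uses_ad = opts.get(prefix + "backend", "").lower() == "ad"
    return "ad" if uses_ad and nss in ("yes", "true", "1", "on") else "template"

def effective_home(opts, domain, user, ad_home=None):
    """Home directory getent would report; ad_home is the user's
    unixHomeDirectory value (None when the attribute is unset)."""
    if home_source(opts, domain) == "ad" and ad_home:
        return ad_home
    template = opts.get("templatehomedir", "/home/%D/%U")  # Samba default
    return template.replace("%D", domain).replace("%U", user)
```

Setting `idmap config SAMDOM:unix_nss_info = no` on the client makes `template homedir` win, and it also switches the login shell to `template shell`.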