cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind
group: files winbind
shadow: files
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
cat /etc/samba/smb.conf
[global]
security = ADS
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
log file = /var/log/samba/%m.log
log level = 1
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
idmap config * : backend = tdb
idmap config * : range = 1000-2000
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 2001-999999
idmap config SAMDOM:unix_nss_info = yes
template homedir = /home/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
# fix dfs error's in log ?
host msdfs = no
# https://wiki.samba.org/index.php/PAM_Offline_Authentication
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
OS: Debian 10.4
Best Regards,
On 08.07.20 15:39, Rowland penny via samba wrote:
> On 08/07/2020 14:30, basti via samba wrote:
>> Hello,
>> On my Samba AD I have set homedir to /home/users/<username>.
> I take it you mean 'in' AD and not in the DC's smb.conf
>>
>> Now I have set up a Linux client with pam-winbind and nss-winbind.
>>
>> getent passwd <username> shows /home/users/<username> as home directory.
>>
>> And that dir is created on login.
>> Why does it use the path set on AD and not the path set in smb.conf?
>>
>>
>> grep home -r /etc/pam.d/ /etc/samba/smb.conf /etc/security/pam_winbind.conf
>> /etc/pam.d/common-session:session    optional    pam_mkhomedir.so
>> /etc/samba/smb.conf:       template homedir = /home/%U
>> /etc/security/pam_winbind.conf:# create homedirectory on the fly
>> /etc/security/pam_winbind.conf:mkhomedir = yes
>>
>> I would prefer /home/%U at this client.
>>
>> Best regards,
>>
> What OS
>
> Please post the [global] portion of your smb.conf
>
> Can you also post the contents of /etc/nsswitch.conf
>
> Rowland
>
>
>
On 08/07/2020 15:15, basti via samba wrote:
> cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files winbind
> group: files winbind
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
>
> cat /etc/samba/smb.conf
> [global]
> security = ADS
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> winbind refresh tickets = Yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind use default domain = yes
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> idmap config * : backend = tdb
> idmap config * : range = 1000-2000
>
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 2001-999999
> idmap config SAMDOM:unix_nss_info = yes
>
> template homedir = /home/%U
> template shell = /bin/bash
>
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> winbind use default domain = yes
> restrict anonymous = 2
>
> # fix dfs error's in log ?
> host msdfs = no
>
> # https://wiki.samba.org/index.php/PAM_Offline_Authentication
> winbind offline logon = yes
>
> winbind enum users = yes
> winbind enum groups = yes
>
> OS: Debian 10.4

OK, which attribute have you set in AD 'homeDirectory' or 'unixHomeDirectory' ?

Rowland

homeDirectory = unset
unixHomeDirectory = /home/users/<username>

I thought I could overwrite it with template homedir = /home/%U

On 08.07.20 16:52, Rowland penny via samba wrote:
> On 08/07/2020 15:15, basti via samba wrote:
>> cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         files winbind
>> group:          files winbind
>> shadow:         files
>> gshadow:        files
>>
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis
>>
>>
>> cat /etc/samba/smb.conf
>> [global]
>>         security = ADS
>>         workgroup = SAMDOM
>>         realm = SAMDOM.EXAMPLE.COM
>>
>>         log file = /var/log/samba/%m.log
>>         log level = 1
>>
>>         winbind refresh tickets = Yes
>>         dedicated keytab file = /etc/krb5.keytab
>>         kerberos method = secrets and keytab
>>         winbind use default domain = yes
>>
>>         load printers = no
>>         printing = bsd
>>         printcap name = /dev/null
>>         disable spoolss = yes
>>
>>         idmap config * : backend = tdb
>>         idmap config * : range = 1000-2000
>>
>>         idmap config SAMDOM:backend = ad
>>         idmap config SAMDOM:schema_mode = rfc2307
>>         idmap config SAMDOM:range = 2001-999999
>>         idmap config SAMDOM:unix_nss_info = yes
>>
>>         template homedir = /home/%U
>>         template shell = /bin/bash
>>
>>         client use spnego = yes
>>         client ntlmv2 auth = yes
>>         encrypt passwords = yes
>>         winbind use default domain = yes
>>         restrict anonymous = 2
>>
>>         # fix dfs error's in log ?
>>         host msdfs = no
>>
>>         # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>>         winbind offline logon = yes
>>
>>         winbind enum users = yes
>>         winbind enum groups = yes
>>
>> OS: Debian 10.4
>
> OK, which attribute have you set in AD 'homeDirectory' or
> 'unixHomeDirectory' ?
>
> Rowland
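
An added example, not part of any post in this thread and not Samba project code: idmap_ad(8) documents that with `unix_nss_info = yes` winbind takes the home directory and login shell from the AD attributes, and uses `template homedir` / `template shell` only when the option is `no` or the attributes are missing. The check below reads a client smb.conf and reports which source applies for a domain; the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the idmap/template lines from the smb.conf posted above.
SAMPLE_SMB_CONF = """\
[global]
    security = ADS
    workgroup = SAMDOM
    idmap config * : backend = tdb
    idmap config * : range = 1000-2000
    idmap config SAMDOM:backend = ad
    idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:range = 2001-999999
    idmap config SAMDOM:unix_nss_info = yes
    template homedir = /home/%U
    template shell = /bin/bash
"""

TRUE = {"yes", "true", "on", "1"}  # spellings smb.conf accepts for a true boolean
IDMAP_RE = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*(.+)$", re.I)

def parse_global(text):
    """Return (plain parameters, per-domain idmap options) from [global]."""
    params, idmap, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = IDMAP_RE.match(key)
        if m:   # "idmap config DOMAIN : option", spaces around ':' optional
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).strip().lower()] = value
        else:   # parameter names are case- and whitespace-insensitive
            params[" ".join(key.lower().split())] = value
    return params, idmap

def homedir_source(text, domain):
    """('ad', fallback_template) if AD attributes win, else ('template', template)."""
    params, idmap = parse_global(text)
    dom = idmap.get(domain.upper(), {})
    template = params.get("template homedir", "/home/%D/%U")  # Samba's default
    from_ad = (dom.get("backend", "").lower() == "ad"
               and dom.get("unix_nss_info", "no").lower() in TRUE)
    return ("ad" if from_ad else "template", template)
```

For the configuration in this thread, `homedir_source(SAMPLE_SMB_CONF, "SAMDOM")` returns `("ad", "/home/%U")`, which matches the `getent passwd` output reported in the first post.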