Il 31/05/21 17:47, Rowland penny via samba ha scritto:> [...] > What OS is this ?$ lsb_release -a No LSB modules are available. Distributor ID:??? Debian Description:??? Debian GNU/Linux 10 (buster) Release:??? 10 Codename:??? buster> Normally, the users Unix home directory is the one shown by 'getent > passwd USERNAME' ,mhhh.... in effect if I run the command getent passwd using a hostname instead of a username I get something similar to: # getent passwd <domain>\\<hostname>$ <domain>\<hostname>$:*:22110:10513::/home/<domain>/<hostname>_:/bin/bash There is something wrong in domain configuration?> So I have no idea where your extra folders are coming from. Can you > post your smb.conf and the contents of /etc/security/pam_winbind.conf$ testparm # Global parameters [global] ??? log file = /var/log/samba/log.%m ??? logging = file ??? map to guest = Bad User ??? max log size = 1000 ??? obey pam restrictions = Yes ??? pam password change = Yes ??? panic action = /usr/share/samba/panic-action %d ??? realm = AD.CSARICERCHE.COM ??? security = ADS ??? server min protocol = NT1 ??? server string = %h server ??? template shell = /bin/bash ??? usershare allow guests = Yes ??? winbind refresh tickets = Yes ??? wins server = 192.168.64.2 ??? workgroup = DOMINIOCSA ??? idmap config dominiocsa : range = 10000-24999 ??? idmap config dominiocsa : backend = rid ??? idmap config * : range = 3000-9999 ??? idmap config * : backend = tdb ??? printing = bsd [homes] ??? browseable = No ??? comment = Home Directories ??? create mask = 0700 ??? directory mask = 0700 ??? read only = No [printers] ??? browseable = No ??? comment = All Printers ??? create mask = 0700 ??? path = /var/spool/samba ??? printable = Yes [print$] ??? comment = Printer Drivers ??? path = /var/lib/samba/printers ??? write list = "@DOMINIOCSA\domain admins" [mailPDF] ??? comment = Conversione in PDF: consegna via email ??? lpq command ??? path = /tmp ??? printable = Yes ??? print command = /opt/scripts/bin/convertPDF.sh "%s" "%J" "%p" "%m" 'default' 1 [...] and this is my pam_winbind.conf (I omitted the rows that begin with # or ; and then I removed the empty rows): $ # grep -v ^[#\;].*$ /etc/security/pam_winbind.conf | grep -v ^[[:space:]]*$ [global] mkhomedir = yes
On 01/06/2021 08:08, Piviul via samba wrote:> > Il 31/05/21 17:47, Rowland penny via samba ha scritto: >> [...] >> What OS is this ? > $ lsb_release -a > No LSB modules are available. > Distributor ID:??? Debian > Description:??? Debian GNU/Linux 10 (buster) > Release:??? 10 > Codename:??? busterJust saying Debian buster would have been enough ?> > >> Normally, the users Unix home directory is the one shown by 'getent >> passwd USERNAME' , > > mhhh.... in effect if I run the command getent passwd using a hostname > instead of a username I get something similar to:Ah, I now know where the spurious home directories are coming from.> > # getent passwd <domain>\\<hostname>$ > > <domain>\<hostname>$:*:22110:10513::/home/<domain>/<hostname>_:/bin/bash > > There is something wrong in domain configuration?No, there is nothing wrong with the domain configuration (as such), but there is something wrong with your understanding of AD. A computer in AD is just a user with an extra objectclass (funnily enough, this objectclass is called 'computer'), so you shouldn't really be running getent using a computer name . This doesn't affect Linux unless your computers gain a uidNumber and congratulations, you appear to have found a bug. Can you try removing what you added to? /etc/security/pam_winbind.conf and then run pam-auth-update and ensure 'Create home directory on login' is enabled. This may cure your problem.> >>> So I have no idea where your extra folders are coming from. Can you >> post your smb.conf and the contents of /etc/security/pam_winbind.conf > > $ testparm > > # Global parameters > [global] > ??? log file = /var/log/samba/log.%m > ??? logging = file > ??? map to guest = Bad User > ??? max log size = 1000 > ??? obey pam restrictions = Yes > ??? pam password change = Yes > ??? panic action = /usr/share/samba/panic-action %d > ??? realm = AD.CSARICERCHE.COM > ??? security = ADS > ??? server min protocol = NT1 > ??? server string = %h server > ??? template shell = /bin/bash > ??? usershare allow guests = Yes > ??? winbind refresh tickets = Yes > ??? wins server = 192.168.64.2'wins' in AD ????? Rowland