[Samba] Regular users can't log in to Samba AD DC from Windows

Alnis Morics alnis.moritz at gmail.com
Mon Feb 6 12:47:21 UTC 2017



On 02/06/2017 13:36, Rowland Penny via samba wrote:
> On Mon, 6 Feb 2017 12:57:19 +0200
> Alnis Morics via samba <samba at lists.samba.org> wrote:
>
>>
>>
>> On 02/06/2017 11:48, Rowland Penny via samba wrote:
>>> On Mon, 6 Feb 2017 11:11:09 +0200
>>> Alnis Morics via samba <samba at lists.samba.org> wrote:
>>>
>>>> Thank you, Rowland, for the reply.
>>>>
>>>
>>>> And the nss tests as per Wiki seem to pass:
>>>>
>>>
>>>>
>>>> # getent passwd Administrator
>>>> RW\administrator:*:0:20::/home/administrator:/usr/sbin/nologin
>>>>
>>>> # getent passwd user1
>>>> RW\user1:*:3000017:20:User1 Tester1:/home/user1:/usr/sbin/nologin
>>>
>>> The above is interesting, you don't have a template homedir line in
>>> smb.conf but you have '/home/username' instead of
>>> '/home/RW/username'
>>
>> Oh, yes, didn't notice that. But the directory doesn't actually
>> exist. I guess it would be created on first logon which has not yet
>> occurred ?) And I can't login with it locally (I would need PAM
>> configured for it, right?)
>
> Yes, you need to get PAM to create the user's homedir with pam_mkhomedir
>
>> Although, when I create a FreeBSD user ("pw useradd testuser -m
>> /home/testuser"), the home directory is immediately created without
>> logging in.
>
> That's because you are telling the command to create the homedir
>
>>
>> I tried now to create a user explicitly telling the home directory:
>> samba-tool user create user2 Pa$$w0rd --surname=Tester2
>> --given-name=User2 --mail-address=user2 at rw.lan
>> --home-directory=/home/RW/user2
>>
>> getent passwd user2
>> RW\user2:*:3000020:20:User2 Tester2:/home/RW/user2:/usr/sbin/nologin
>>
>> But otherwise nothing changes: directory isn't created, and I can't
>> login from Windows. And the logs repeat the same thing.
>
> samba-tool doesn't create the homedirs, it populates an attribute in AD
> and PAM reads this and creates the home dir at first login.

I see. But I don't necessarily need homedirs and hence PAM configured 
just to log in from Windows and access a file share from there, do I? Or 
even just to log in on Windows to the domain.

Alnis
