[Samba] pam_winbind and home folders
Piviul
piviul at riminilug.it
Fri Dec 16 07:49:52 UTC 2022
On 12/15/22 10:02, Rowland Penny via samba wrote:
> On 15/12/2022 08:23, Piviul via samba wrote:
>> Sorry for the answer delay...
>>
>> On 12/2/22 14:13, Rowland Penny via samba wrote:
>>> I think you are going to have to give us more info. For some reason,
>>> PAM seems to be treating the computers as users (which they are in
>>> AD, but rather special users), also it isn't winbind that creates
>>> home directories, it is a PAM plugin.
>>
>> yes, you are right, in effect I can't find PC names in users
>>
>> $ wbinfo --domain-users | grep $(hostname)
>> $
>>
>> or in groups
>>
>> $ wbinfo --domain-groups | grep $(hostname)
>> $
>>
>> but for PAM the PC is a user:
>>
>> $ getent passwd $(wbinfo --own-domain)\\$(hostname)$
>> DOMINIOCSA\psala-lx$:*:21298:10513::/home/DOMINIOCSA/psala-lx_:/bin/bash
>
> No that isn't PAM, it is a combination of winbind and nsswitch, though
> it looks like there is a bug, '10513' is undoubtedly Domain Users and
> a computers primary group is Domain Computers.
ok, it isn't PAM... so do you think it's a bug but not related to the
idmap backend I use and even migrating the idmap backend from rid to ad,
PAM will continue to create PCs home folders because windbind will
continue to say that PCs are users and have "Domain Users" as a primary
group, didn't you?
> [...]
> There has to be a reason why you are using a dead OS and a dead
> version of Samba, but it escapes me.
no, I don't use it any more; I would only underline that if it is a bug
is an old bug.
> [...]
> It looks like you are using the 'rid' idmap backend and if so, there
> is a bug for this, see here:
>
> https://bugzilla.samba.org/show_bug.cgi?id=13371
I can't understand 😕... seems that this bug is not present on build
from samba-4.10.0 but I find it on samba 4.17.3...
> But your problem puts another slant on it, care to add to it ?
yes continue to remove empty PCs home folders, it's not a big problem...
So do you suggest me to live with it, to do nothing, didn't you?
Have a great day
Piviul
More information about the samba
mailing list