Info on Winbind drastically needed please.
Mark Cooke
mark at extension2.freeserve.co.uk
Mon Jan 7 14:37:05 GMT 2002
So am I correct in thinking that for every user that tries to log in
using winbind, that even though it says in the smb.conf file:
template homedir = /home/%D/%U
that you have to manually create every user's home dir that may login to
the linux box?
As we have about 350 users on our NT domain, it seems a bit excessive
to manually do that for every user that might login.
I assumed that as it says template, that it would use a template to
create a user's home dir.
If this is incorrect, would it be implemented in the future on samba to
automatically create the user if the user is successfully authenticated?
On Mon, 2002-01-07 at 21:28, MCCALL,DON (HP-USA,ex1) wrote:
> Hello Mark,
> I could be wrong, but I don't believe that winbindd, etc has any provision
> for CREATING the home directory for the user when he telnets in. The
> 'template homedir' parameter simply tells winbind what to pass back to the
> getXbyY system calls that the unix login, etc programs are using to get user
> information. So the home directories must exist. Otherwise if you have a
> shell/login daemon that will not allow you to make your pwd "/" or the root
> directory (which is what in my experience is done on HPUX when the home
> directory information, for instance in the /etc/passwd file, is incorrect)
> then you would get the behavior you talk about. Since it is the UNIX login
> process that is refusing to allow the login to complete (probably because it
> doesn't like the idea of a normal user having '/' as its working directory)
> you aren't going to see any messages relating to the failure in any of the
> samba logs.
>
> Just my 2 cents worth,
> don
>
> -----Original Message-----
> From: Mark Cooke [mailto:mark at extension2.freeserve.co.uk]
> Sent: Monday, January 07, 2002 3:58 PM
> To: Samba-Technical "(E-post)
> Subject: Info on Winbind drastically needed please.
>
>
> Hi All,
>
> First off I'll start by apologising that this may be the incorrect list
> to ask some of these questions, but if someone could possibly take a
> moment to help me out (as I've tried posting to other samba lists and the
> redhat lists), I would be very grateful.
>
> Basically I've been trying for about 2 weeks to try to get my Linux box
> to talk to our PDC on an NT server at work and to be honest it's really
> starting to get to me.
>
> I'm using samba-2.2.2-8 from RedHat rawhide on RH 7.1.
>
> I've installed it correctly and copied over the correct files and edited
> my smb.conf as below:
>
>
> [global]
>
> # Winbind configuration
> winbind separator = +
> winbind cache time = 10
> template shell = /bin/bash
> template homedir = /home/%D/%U
> winbind uid = 10000-20000
> winbind gid = 10000-20000
>
> # workgroup = NT-Domain-Name or Workgroup-Name
> workgroup = TUX
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
> security = domain
>
> # Use password server option only with security = server
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> # password server = *
> password server = THOR
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
> encrypt passwords = yes
> ; smb passwd file = /etc/samba/smbpasswd
>
>
> Our domain shall we say is called TUX.
>
> In /etc/nsswitch.conf put the following:
>
> passwd: files winbind
> group: files winbind
>
> I've managed to get the linux box to join the domain using:
>
> smbpasswd -j TUX -r THOR -U admin.
>
> So then (to keep things simple), altered /etc/pam.d/login to read
> (I am at the console trying to login):
>
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_nologin.so
> auth sufficient /lib/security/pam_winbind.so
> auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
> account required /lib/security/pam_winbind.so
> #account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_console.so
>
> then I started winbindd and also both samba services.
>
> I can list all the NT Domain users using: getent passwd and getent group
>
> but, when I try to login, it authenticates ok (after checking
> /var/log/.messages), but after typing in the password, it brings up the
> issue screen, then very quickly an error about not being able to create
> the user's directory (but nothing is displayed in the logs at all).
> It logs in o.k, and displays the issue msg and then logs me out straight
> away.
> Also there is nothing related to this in the samba logs either.
> /var/log/messages/:
>
> Jan 7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted
> acces
> Jan 7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted
> acces
> Jan 7 10:08:07 scaramanga login(pam_unix)[22583]: session opened for
> user TUX+admin by LOGIN(uid=0)
> Jan 7 10:08:07 scaramanga -- TUX+admin[22583]: LOGIN ON tty1 BY
> TUX+admin
> Jan 7 10:08:07 scaramanga login(pam_unix)[22583]: session closed for
> user TUX+admin
>
> Again I am sorry if this is the wrong list, but I figured that being the
> developers list hopefully someone could help me out, as someone would
> have a bit more knowledge of how winbind works here.
>
> The way I can see it is that once you logged in then samba should create
> the directories for you, i.e. /home/TUX/admin in this case
>
> rather than manually creating them before the user logs in.
>
> Thanks in Advance
>
> Mark
>
> --
>
> ----
> A penguin a day keeps the fatal exceptions away...
>
> Registered Linux User: 208939
> Licq: 119422259
>
>
--
----
A penguin a day keeps the fatal exceptions away...
Registered Linux User: 208939
Licq: 119422259
More information about the samba-technical
mailing list
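
Added example, not part of the original thread: the reply explains that `template homedir` only supplies the path returned to login and that the directories must already exist, so this sketch pre-creates them from `getent passwd`-format input. The function name, the staging-prefix argument and any sample data are assumptions; the uid range and `/home` base are taken from the posted smb.conf.

```sh
#!/bin/sh
# Added example: pre-create home directories for winbind-mapped users.
# Reads passwd(5)-format lines on stdin (the format `getent passwd` prints).
# $1 is a hypothetical staging prefix so the function can be dry-run
# without touching the real /home; pass "" on the live system.

UID_MIN=10000    # from "winbind uid = 10000-20000" in the posted smb.conf
UID_MAX=20000
HOME_BASE=/home  # from "template homedir = /home/%D/%U"

make_winbind_homes() {
    root=$1
    created=0
    while IFS=: read -r name _pw uid gid _gecos home _shell; do
        # Only act on accounts in the winbind-allocated uid range.
        case $uid in ''|*[!0-9]*) continue ;; esac
        if [ "$uid" -lt "$UID_MIN" ] || [ "$uid" -gt "$UID_MAX" ]; then
            continue
        fi
        # Domain and user names come from the domain controller, not from
        # this host: refuse paths outside HOME_BASE or containing "..".
        case $home in
            "$HOME_BASE"/*) ;;
            *) echo "skip $name: '$home' is outside $HOME_BASE" >&2
               continue ;;
        esac
        case $home in
            */../*|*/..) echo "skip $name: '..' in home path" >&2
                         continue ;;
        esac
        target=$root$home
        # Leave anything that already exists at that path alone,
        # including symlinks, so nothing is re-owned through a link.
        if [ -e "$target" ] || [ -L "$target" ]; then
            continue
        fi
        mkdir -p "$(dirname "$target")" || continue
        mkdir -m 700 "$target" || continue   # private to the user
        # chown needs root; an unprivileged dry run skips it.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$uid:$gid" "$target" ||
                echo "warn: chown failed for $target" >&2
        fi
        created=$((created + 1))
    done
    echo "$created"   # number of directories created
}
```

On a host configured as in the thread this would be run as root with `getent passwd | make_winbind_homes ""`, and re-run whenever new domain users need to log in.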