Info on Winbind drastically needed please.

Mark Cooke mark at extension2.freeserve.co.uk
Mon Jan 7 14:37:05 GMT 2002


So am I correct in thinking that for every user that tries to log in
using winbind, that even though it says in the smb.conf file:
 template homedir = /home/%D/%U

that you have to manually create every user's home dir that may login to
the linux box?

As we have about 350 users on our NT domain, it seems a bit excessive
to manually do that for every user that might login.

I assumed that as it says template, that it would use a template to
create a user's home dir.

If this is incorrect, would it be implemented in the future on samba to
automatically create the user if the user is successfully authenticated?


On Mon, 2002-01-07 at 21:28, MCCALL,DON (HP-USA,ex1) wrote:
> Hello Mark,
> I could be wrong, but I don't believe that winbindd, etc has any provision
> for CREATING the home directory for the user when he telnets in.  The
> 'template homedir'  parameter simply tells winbind what to pass back to the
> getXbyY system calls that the unix login, etc programs are using to get user
> information.  So the home directories must exist.  Otherwise if you have a
> shell/login daemon that will not allow you to make your pwd "/"  or the root
> directory (which is what in my experience is done on HPUX when the home
> directory information, for instance in the /etc/passwd file, is incorrect)
> then you would get the behavior you talk about.  Since it is the UNIX login
> process that is refusing to allow the login to complete (probably because it
> doesn't like the idea of a normal user having '/' as its working directory)
> you aren't going to see any messages relating to the failure in any of the
> samba logs.
> 
> Just my 2 cents worth,
> don
> 
> -----Original Message-----
> From: Mark Cooke [mailto:mark at extension2.freeserve.co.uk]
> Sent: Monday, January 07, 2002 3:58 PM
> To: Samba-Technical "(E-post)
> Subject: Info on Winbind drastically needed please.
> 
> 
> Hi All,
> 
> First off I'll start by apologising that this may be the incorrect list
> to ask some of these questions, but if someone could possibly take a
> moment to help me out (as I've tried posting to other samba lists and the
> redhat lists), I would be very grateful.
> 
> Basically I've been trying for about 2 weeks to try to get my Linux box
> to talk to our PDC on an NT server at work and to be honest it's really
> starting to get to me.
> 
> I'm using samba-2.2.2-8 from RedHat rawhide on RH 7.1.
> 
> I've installed it correctly and copied over the correct files and edited
> my smb.conf as below:
> 
> 
> [global]
> 
> # Winbind configuration
>     winbind separator = +
>     winbind cache time = 10
>     template shell = /bin/bash
>     template homedir = /home/%D/%U
>     winbind uid = 10000-20000
>     winbind gid = 10000-20000
> 
> # workgroup = NT-Domain-Name or Workgroup-Name
>     workgroup = TUX
> 
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
>     security = domain
> 
> # Use password server option only with security = server
> # The argument list may include:
> #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> #   password server = *
>     password server = THOR
> 
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
>     encrypt passwords = yes
> ;   smb passwd file = /etc/samba/smbpasswd
> 
> 
> Our domain shall we say is called TUX.
> 
> In /etc/nsswitch.conf put the following:
> 
> passwd:     files winbind
> group:      files winbind
> 
> I've managed to get the linux box to join the domain using:
> 
> smbpasswd -j TUX -r THOR -U admin.
> 
> So then (to keep things simple), altered /etc/pam.d/login to read
> (I am at the console trying to login):
> 
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_nologin.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
> account required /lib/security/pam_winbind.so
> #account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_console.so
> 
> then I started winbindd and also both samba services.
> 
> I can list all the NT Domain users using: getent passwd and getent group
> 
> but, when I try to login, it authenticates ok (after checking
> /var/log/.messages), but after typing in the password, it brings up the
> issue screen, then very quickly an error about not being able to create
> the user's directory (but nothing is displayed in the logs at all)
> It logs in o.k, and displays the issue msg and then logs me out straight
> away.
> Also there is nothing related to this in the samba logs either.
> /var/log/messages/:
> 
> Jan  7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted acces
> Jan  7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted acces
> Jan  7 10:08:07 scaramanga login(pam_unix)[22583]: session opened for user TUX+admin by LOGIN(uid=0)
> Jan  7 10:08:07 scaramanga  -- TUX+admin[22583]: LOGIN ON tty1 BY TUX+admin
> Jan  7 10:08:07 scaramanga login(pam_unix)[22583]: session closed for user TUX+admin
> 
> Again I am sorry if this is the wrong list, but I figured that being the
> developers list hopefully someone could help me out, as someone would
> have a bit more knowledge of how winbind works here.
> 
> The way I can see it is that once you logged in then samba should create
> the directories for you, ie /home/TUX/admin in this case
> 
> rather than manually creating them before the user logs in.
> 
> Thanks in Advance
> 
> Mark
> 
> -- 
>  
> ----
>         A penguin a day keeps the fatal exceptions away...
>         
>                               Registered Linux User: 208939
>                              	Licq: 119422259
> 
> 
-- 
 
----
        A penguin a day keeps the fatal exceptions away...
        
                              Registered Linux User: 208939
                             	Licq: 119422259
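
An added example, not part of the thread and not Samba's own code: because, as the quoted reply explains, `template homedir` only sets the path winbind reports through the getXbyY calls, one way to avoid creating 350 directories by hand is to pre-create them from `getent passwd` output. The function name, `HOME_BASE` and the checks are assumptions; the `+` separator and the 10000-20000 uid range are taken from the quoted smb.conf.

```shell
#!/bin/sh
# Pre-create missing home directories for winbind-mapped accounts.
# Assumed settings (from the smb.conf quoted in the thread):
#   winbind separator = +, winbind uid = 10000-20000,
#   template homedir = /home/%D/%U
# make_winbind_homes and HOME_BASE are hypothetical names for this example.

HOME_BASE=${HOME_BASE:-/home}
UID_MIN=10000
UID_MAX=20000

# Reads passwd-format lines (e.g. from `getent passwd`) on stdin and prints
# one "created <dir>" line for every directory it makes.
make_winbind_homes() {
    while IFS=: read -r name _pw uid gid _gecos home _shell; do
        case $name in *+*) ;; *) continue ;; esac       # domain accounts only
        case $uid in ''|*[!0-9]*) continue ;; esac      # uid must be numeric
        case $gid in ''|*[!0-9]*) continue ;; esac      # gid must be numeric
        [ "$uid" -ge "$UID_MIN" ] && [ "$uid" -le "$UID_MAX" ] || continue
        # Accept only HOME_BASE/<domain>/<user>; reject ".." and trailing "/".
        case $home in
            */../*|*/..|*/) continue ;;
            "$HOME_BASE"/*/*) ;;
            *) continue ;;
        esac
        mkdir -p "$(dirname "$home")" || continue
        # mkdir without -p fails if the name already exists (file, directory
        # or symlink), so an existing path is never reused or re-owned.
        mkdir -m 700 "$home" 2>/dev/null || continue
        # Ownership can only be handed over when running as root; on failure
        # the directory stays owned by the caller with mode 700.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$uid:$gid" "$home" || echo "chown failed: $home" >&2
        fi
        echo "created $home"
    done
}

# Typical use, as root, on the winbind client:
#   getent passwd | make_winbind_homes
```

Linux-PAM's `pam_mkhomedir` session module is the login-time alternative: it creates the directory when the session opens instead of in a batch.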





More information about the samba-technical mailing list