creating samba accounts on first login

Riley Griffin griffiri at mnstate.edu
Thu Jul 26 18:32:04 GMT 2007 

Hello all!  I am trying to setup a small lab of centos5 computers
for students attending my university.  The lab machines authenticate
against a mysql database using pam_mysql.  All the home directories
of the students are kept on a samba server and mounted to the lab
computers in /home.  The samba server and all the lab machines have
the same passwd file and they are kept updated through scripts.  If
the person logging in has a samba username/password and already has
a home directory on the samba server then everything works fine,
authentication works great, they get thier files, no one else has
rights to them.  Its a perfect situation.  My problem occurs when a
new user wishes to login for the first time.  I am currently stuck
on trying to do two things:

1. Create home directories on the samba mount for the new user.
   (I was able to do this if root on the lab machine is not
    not squashed but this is a security problem)

2. sync the password used for authentication to the smbpasswd
   file on the samba server.

This may be a problem with my config files, to tell you the truth
I really dont understand exactly how to configure things in
/etc/samba/smb.conf

I am trying to use pam_mount to trigger the samba file on the samba
server which then in turn has a line that uses pam_mkhomedir.so to
create the home directories on first login.

I am also trying to use pam_smbpass.so to sync the username and
password to the smbpasswd file.

here is my pam file for login:

############################################################################

auth            requisite       pam_nologin.so
session         required        pam_env.so readenv=1
auth            optional        pam_smbpass.so migrate debug audit
auth            sufficient      pam_unix.so use_first_pass
auth            required        pam_mount.so
auth            required        pam_mysql.so ***Auth Stuff***
auth            optional        pam_group.so
account         include     common-account
session         include     common-session
session         required   pam_limits.so
password        include    common-password

############################################################################

Please note:  The reason I have the pam_smbpass line above the pam_unix line
              is because I need the pam_unix line to be sufficient so that
              local root logins are possible.

If anyone has any suggestions or a better way to get the same result please
let me know :)

More information about the samba-technical mailing list