winbindd and user home creation

Gerald (Jerry) Carter jerry at samba.org
Sun Jan 6 16:48:31 GMT 2002


On Sun, 6 Jan 2002, Trevor Avery wrote:

> The two suggestions for creating the home directories are fine, but
> can anyone be more specific with what a "preexec" script is or how to
> incorporate that into the homes section? Also, I have searched for

Did you read the manpage?  I also posted and example script.

> pam_mkhomedir and have found scant information. Please post a link to
> more information. Preferably a location that has a "recipe" of sorts
> to get home directories created.

The mkhomedir info is included with the Linux-PAM docs.

  Session component

   Recognized arguments:
          debug; skel=skeleton-dir; umask=octal-umask;

   Description:
        This  module  is  useful for distributed systems where
	the user account is managed in a central database
	(such  as  NIS,  NIS+,  or  LDAP) and accessed through multiple
	systems. It frees the administrator from
        having  to  create  a  default  home  directory  on  each  of
	the systems by creating it upon the first succesfully
	authenticated  login  of  that user. The skeleton
	directory (usually /etc/skel/) is used to copy default
	files and also set's a umask for the creation.

        The behavior of this module can be modified with one of the
	following flags:

          + skel - The skeleton directory for default files to
	  copy to the new home directory.
          + umask - An octal for of the same format as you would
 	  pass to the shells umask command.

   Examples/suggested usage:

   session required pam_mkhomedir.so skel=/etc/skel/ umask=0022


> A new question: Can group shares be setup for winbind accounts? i.e.
> will the group information be read from the NT accounts so that shares
> can be setup for groups as well as individuals? Does this have to be
> done through a module like pam_mkhomedir or can the directories be
> hard coded for group access and shared via samba to be accessed by
> users without recreating directories all the time?

Yes.  This will work.  You need to install the nss winbind module
so you can do things like

   # chgrp "Domain Users" /export/group1
   # chmod 770 /export/group1

Then create a group share in smb.conf like

	[group1]
		path = /export/group1
		valid users = " @"Domain Users" "






chau, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--





More information about the samba mailing list