winbindd and user home creation
Gerald (Jerry) Carter
jerry at samba.org
Sun Jan 6 16:48:31 GMT 2002
On Sun, 6 Jan 2002, Trevor Avery wrote:
> The two suggestions for creating the home directories are fine, but
> can anyone be more specific with what a "preexec" script is or how to
> incorporate that into the homes section? Also, I have searched for
Did you read the manpage? I also posted and example script.
> pam_mkhomedir and have found scant information. Please post a link to
> more information. Preferably a location that has a "recipe" of sorts
> to get home directories created.
The mkhomedir info is included with the Linux-PAM docs.
Session component
Recognized arguments:
debug; skel=skeleton-dir; umask=octal-umask;
Description:
This module is useful for distributed systems where
the user account is managed in a central database
(such as NIS, NIS+, or LDAP) and accessed through multiple
systems. It frees the administrator from
having to create a default home directory on each of
the systems by creating it upon the first succesfully
authenticated login of that user. The skeleton
directory (usually /etc/skel/) is used to copy default
files and also set's a umask for the creation.
The behavior of this module can be modified with one of the
following flags:
+ skel - The skeleton directory for default files to
copy to the new home directory.
+ umask - An octal for of the same format as you would
pass to the shells umask command.
Examples/suggested usage:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> A new question: Can group shares be setup for winbind accounts? i.e.
> will the group information be read from the NT accounts so that shares
> can be setup for groups as well as individuals? Does this have to be
> done through a module like pam_mkhomedir or can the directories be
> hard coded for group access and shared via samba to be accessed by
> users without recreating directories all the time?
Yes. This will work. You need to install the nss winbind module
so you can do things like
# chgrp "Domain Users" /export/group1
# chmod 770 /export/group1
Then create a group share in smb.conf like
[group1]
path = /export/group1
valid users = " @"Domain Users" "
chau, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
More information about the samba
mailing list