[Samba] Computer Accounts in Samba 3.0.2a

Michael Archick archickm at ccsu.edu
Mon Apr 12 18:53:20 GMT 2004

I have a SAMBA 3.0.2a server running against AD.  Everything works fine.
I've modified my /etc/pam.d/samba to create account and share on the fly.
What I'm looking for is for samba/pam not to create a share for the computer
account accessing the share.


Here's my configs:


# main - domain membership and security
        workgroup = CCSU_ACA_COMP
        server string = File Server
        obey pam restrictions = yes
        security = ADS
        realm = STUDENTS.CCSU.EDU
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
        interfaces = lo eth0
        max log size = 10000
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        load printers = No
        log level = 2 passdb:2 auth:2 winbind:2

# netbios config
        # setting to 'no' disables other domains users shares to be created
        # in general the user will be rejected since the account name is not
        # being cached by winbind
#       allow trusted domains = no
        lm announce = no
        local master = no
        domain master = no
        os level = 0

# winbind config
        winbind uid = 10000-30000
        winbind gid = 10000-30000
        winbind enum users = no
        winbind enum groups = no
        template homedir = /cifs/users/%U
        template shell = /bin/false
        winbind separator = #


        comment = Home Directory
        browsable = no
        writable = yes
        valid users = %D#%U
        invalid users = @"%D#Domain Computers"
        create mode = 0664
        directory mode = 0775

auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_mkhomedir.so skel=/etc/skelfile umask=0022
#session required pam_script.so onsessionopen="/etc/samba/add_user.sh"
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

More information about the samba mailing list