[Samba] How do I get pam_mkhomedir to work

Ganguly, Sapan Sapan.Ganguly at thalesgroup.com
Tue Feb 3 17:09:48 GMT 2004


I'm using RedHat 9.0 and it works, here is what my files look like -

/etc/pam.d/login looks like this -   The authconfig tool in RedHat did
everything except the pam_mkhomedir.so bit.

#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_unix.so use_first_pass
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_mkhomedir.so umask=0022
session    optional     pam_console.so

My /etc/pam.d/gdm looks like this -

#%PAM-1.0
auth       required     pam_env.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022

/etc/pam.d/system-auth looks like this -

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so


I also use 'winbind use default domain = yes' in smb.conf.

Sapan

-----Original Message-----
From: Tim Simpson [mailto:tsimpson at dundeecity.gov.uk] 
Sent: 03 February 2004 16:41
To: samba at lists.samba.org
Subject: [Samba] How do I get pam_mkhomedir to work


Sorry if this is a simple question but I have been struggling for many days
trying to get samba-3.0.2rc2 working with a win2k AD

wbinfo -t works
wbinfo -u works
wbinfo -g works

getent passwd username works

sharing dirs works

in fact everything seems to work with the exception of a users directory
being created using pam_mkhomedir.so

I am running on Redhat 9   with Samba 3.0.2rc2

Samba was built using the following options   configure --with-quotas --with-pam

I presume it is something wrong with my pam config  which follows

#%PAM-1.0
auth       required     pam_securetty.so
#auth       required    pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so
auth       required     pam_env.so
auth       required     pam_unix.so nullok use_first_pass
account    sufficient pam_winbind.so
account    required pam_unix.so
#account    required    pam_stack.so service=system-auth
#password   required    pam_stack.so service=system-auth
#session    required    pam_stack.so service=system-auth
#session    optional    pam_console.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
password required pam_unix.so nullok obscure min=4 max=8
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv

I have tried many variations of this file from various postings but all to no
avail

the relevant part of smb.conf follows

# Global parameters
[global]
        workgroup = LEARNINGDOMAIN
        realm = LEARNINGDOMAIN.ORG
        server string = %L running Samba %v
        security = ADS
        obey pam restrictions = Yes
        password server = pdc.learningdomain.org
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes
        log level = 3
        log file = /var/log/samba/log.%m
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind separator = +
[shares]
        force create mode = 0660
        force directory mode = 0770
[homes]
        path = /home/%D/%U
        browseable = no
        read only = no
        create mask = 0600
        directory mask = 0700
        writable = yes



if I try su - DOMAIN+Username from a shell prompt

I get the following reply

[root@store01 pam.d]# su - LEARNINGDOMAIN+Administrator
su: warning: cannot change directory to /home/LEARNINGDOMAIN/Administrator: No such file or directory
-bash-2.05b$



So I get logged in but I remain in the current working directory

any advice gratefully received


Tim
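
Added example (not part of either message, and not Samba or Linux-PAM project code): PAM rules are read per service, so a session opened through su is governed by /etc/pam.d/su rather than /etc/pam.d/login. The Python lint below checks one service file for a pam_mkhomedir.so session rule, reports the mode its umask gives new home directories (0777 masked by the umask), and flags lines where two rules have run together. The names parse_pam and audit_service and the sample file contents are constructed for illustration, and pam_stack.so references are not followed.

```python
import re

TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional"}
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam(text):
    """Return (lineno, type, control, module, args) per rule; type is None for non-rule lines."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m and m.group(1) in TYPES:
            rules.append((n, m.group(1), m.group(2), m.group(3), m.group(4).split()))
        else:
            rules.append((n, None, None, None, line.split()))
    return rules

def audit_service(name, text):
    """Lint one /etc/pam.d/<name> file for the pam_mkhomedir session rule."""
    findings, seen = [], False
    for n, typ, _ctl, mod, args in parse_pam(text):
        if typ is None:
            findings.append(f"{name}:{n}: not a PAM rule (wrapped line?)")
            continue
        # A type keyword followed by a control keyword in the arguments means
        # a second rule was fused onto this line, so PAM never runs it as a rule.
        for a, b in zip(args, args[1:]):
            if a in TYPES and b in CONTROLS:
                findings.append(f"{name}:{n}: '{a} {b}' rule fused onto this line")
        if typ == "session" and mod.endswith("pam_mkhomedir.so"):
            seen = True
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            mode = 0o777 & ~int(opts.get("umask", "0022"), 8)  # assumes octal notation
            if mode & 0o077:
                findings.append(f"{name}:{n}: home directories created mode {mode:04o}")
    if not seen:
        findings.append(f"{name}: no pam_mkhomedir.so session rule in this file")
    return findings

# Constructed sample files, modelled on the configurations quoted in the thread.
SAMPLES = {
    "login": "#%PAM-1.0\nsession required pam_stack.so service=system-auth\n"
             "session required pam_mkhomedir.so skel=/etc/skel umask=0022\n",
    "su": "#%PAM-1.0\nauth sufficient pam_winbind.so\n"
          "password required pam_unix.so nullok session required\n"
          "pam_unix.so session optional pam_lastlog.so\n",
}
```

A umask of 0077 on the pam_mkhomedir.so line yields mode 0700 and produces no mode finding.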




