[Samba] How do I get pam_mkhomedir to work

Buchan Milne bgmilne at obsidian.co.za
Wed Feb 4 16:16:30 GMT 2004


On 3 Feb 2004, Tim Simpson wrote:

> Message follows this disclaimer
> --------------------------------------------------------------------------------------------------
> This email and any files transmitted with it is confidential and intended solely
> for the person or organisation to whom it is addressed. 

This mail is not addressed to me, may I read it? ;-)

> Sorry if this is a simple question but I have been struggling for many days
> trying to get samba-3.0.2rc2 working with a win2k AD
> 
> wbinfo -t works
> wbinfo -u works
> wbinfo -g works
> 
> getent passwd username works
> 
> sharing dirs works
> 
> in fact everything seems to work with the exception of a user's directory being
> created using pam_mkhomedir.so
> 
> I am running on Redhat 9   with Samba 3.0.2rc2
> 
> Samba was built using the following options   configure --with-quotas --with-pam
> 
> I presume it is something wrong with my pam config  which follows
> 
> #%PAM-1.0
> auth       required     pam_securetty.so
> #auth       required    pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> auth       sufficient   pam_winbind.so
> auth       required     pam_env.so
> auth       required     pam_unix.so nullok use_first_pass
> account    sufficient pam_winbind.so
> account    required pam_unix.so
> #account    required    pam_stack.so service=system-auth
> #password   required    pam_stack.so service=system-auth
> #session    required    pam_stack.so service=system-auth
> #session    optional    pam_console.so
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
> password required pam_unix.so nullok obscure min=4 max=8
> session required pam_unix.so
> session optional pam_lastlog.so
> session optional pam_motd.so
> session optional pam_mail.so standard noenv
> 
> I have tried many variations of this file from various postings but all to no
> avail
> 
> the relevant part of smb.conf follows
> 
> # Global parameters
> [global]
>         workgroup = LEARNINGDOMAIN
>         realm = LEARNINGDOMAIN.ORG
>         server string = %L running Samba %v
>         security = ADS
>         obey pam restrictions = Yes
>         password server = pdc.learningdomain.org
>         passwd program = /usr/bin/passwd %u
>         unix password sync = Yes
>         log level = 3
>         log file = /var/log/samba/log.%m
>         preferred master = No
>         local master = No
>         domain master = No
>         dns proxy = No
>         ldap ssl = no
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template homedir = /home/%D/%U
>         template shell = /bin/bash
>         winbind separator = +
> [shares]
>         force create mode = 0660
>         force directory mode = 0770
> [homes]
>         path = /home/%D/%U
>         browseable = no
>         read only = no
>         create mask = 0600
>         directory mask = 0700
>         writable = yes
> 
> 
> 
> if I try su - DOMAIN+Username from a shell prompt
> 
> I get the following reply
> 
> [root@store01 pam.d]# su - LEARNINGDOMAIN+Administrator
> su: warning: cannot change directory to /home/LEARNINGDOMAIN/Administrator: No
> such file or directory
> -bash-2.05b$
> 

pam_mkhomedir doesn't make deep directories ... does /home/LEARNINGDOMAIN 
exist?

And, you don't mention which pam config file you are editing, but it is 
most likely more useful to do this in system-auth, then if you set 'obey 
pam restrictions = yes' in smb.conf, samba will even make the home 
directories (or any PAM application with session support ...)

Regards,
Buchan
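
The reply's diagnosis can be checked before changing the PAM stack. The script below is an added example, not part of the original thread: it lists the parent directories of a user's home that do not yet exist, taking the reply's statement that pam_mkhomedir does not make deep directories as its assumption. The function names, `SAMPLE_ENTRY` and the optional `ROOT` prefix are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption (from the reply above): pam_mkhomedir creates only the last
# path component, so every parent of the home directory must already exist.

# Constructed sample, shaped like one line of `getent passwd` output for the
# template homedir /home/%D/%U shown in the quoted smb.conf.
SAMPLE_ENTRY='LEARNINGDOMAIN+Administrator:*:10000:10000::/home/LEARNINGDOMAIN/Administrator:/bin/bash'

# home_of_entry PASSWD_LINE: print field 6 (home directory) of a passwd(5) line.
home_of_entry() {
    printf '%s\n' "$1" | awk -F: '{ print $6 }'
}

# missing_parents HOME [ROOT]: print each ancestor of HOME that is not a
# directory, shallowest first. ROOT is a hypothetical prefix that lets the
# check run against a scratch tree instead of the live filesystem.
missing_parents() {
    home=$1
    root=${2:-}
    missing=
    dir=$(dirname "$home")
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        if [ ! -d "$root$dir" ]; then
            # Prepend, so the shallowest missing directory ends up first.
            missing="$dir${missing:+
$missing}"
        fi
        dir=$(dirname "$dir")
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
    fi
    return 0
}

# Usage: sh check-homedir.sh 'LEARNINGDOMAIN+Administrator'
if [ "$#" -gt 0 ]; then
    entry=$(getent passwd "$1") || { echo "no passwd entry for $1" >&2; exit 1; }
    missing_parents "$(home_of_entry "$entry")" | while read -r d; do
        echo "missing parent directory: $d (create it as root before the first login)"
    done
fi
```
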