[Samba] creating samba accounts on first login
Riley Griffin
griffiri at mnstate.edu
Thu Jul 26 19:56:19 GMT 2007
Hello all! I am trying to setup a small lab of centos5 computers
for students attending my university. The lab machines authenticate
against a mysql database using pam_mysql. All the home directories
of the students are kept on a samba server and mounted to the lab
computers in /home. The samba server and all the lab machines have
the same passwd file and they are kept updated through scripts. If
the person logging in has a samba username/password and already has
a home directory on the samba server then everything works fine,
authentication works great, they get thier files, no one else has
rights to them. Its a perfect situation. My problem occurs when a
new user wishes to login for the first time. I am currently stuck
on trying to do two things:
1. Create home directories on the samba mount for the new user.
(I was able to do this if root on the lab machine is not
not squashed but this is a security problem)
2. sync the password used for authentication to the smbpasswd
file on the samba server.
This may be a problem with my config files, to tell you the truth
I really dont understand exactly how to configure things in
/etc/samba/smb.conf
I am trying to use pam_mount to trigger the samba file on the samba
server which then in turn has a line that uses pam_mkhomedir.so to
create the home directories on first login.
I am also trying to use pam_smbpass.so to sync the username and
password to the smbpasswd file.
here is my pam file for login:
############################################################################
auth requisite pam_nologin.so
session required pam_env.so readenv=1
auth optional pam_smbpass.so migrate debug audit
auth sufficient pam_unix.so use_first_pass
auth required pam_mount.so
auth required pam_mysql.so ***Auth Stuff***
auth optional pam_group.so
account include common-account
session include common-session
session required pam_limits.so
password include common-password
############################################################################
Please note: The reason I have the pam_smbpass line above the pam_unix line
is because I need the pam_unix line to be sufficient so that
local root logins are possible.
If anyone has any suggestions or a better way to get the same result please
let me know :)
More information about the samba
mailing list