[Samba] Auto creation of home directories on Samba-3.5.4(CentOS 6) using PAM authenticating via ADS

Derek Cordeiro cordeiroderek at gmail.com
Wed Aug 31 08:47:43 MDT 2011 

Hi,

I have installed samba 3.5.4 on Centos 6 and have set it up to
authenticate to a Windows 2008 Domain Controller. When I do a "su -
some-domain-user", the home directory gets created. However, I want
the home directory to be created when a user accesses the samba
shares(no shell access). Following are the relevant configurations.
What are the PAM changes I need to make? Help is much appreciated.

==smb.conf==
[global]
   workgroup = RADON
   realm = RADON.LAB
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /sbin/nologin
   winbind use default domain = true
   winbind offline logon = false
   domain master = no
   obey pam restrictions = yes

        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        passdb backend = tdbsam

[homes]
        comment = Home Directories
        browseable = no
        writable = yes

[public]
        comment = Public Stuff
        path = /home/shared
        public = yes
        writable = yes
        printable = no

==/etc/pam.d/samba==
#%PAM-1.0
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth
password   include      password-auth

==/etc/pam.d/password-auth==
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_mkhomedir.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so
------------------------------------------------------------------------------------------------

Regards,
Derek

More information about the samba mailing list