[Samba] Auto creation of home directories on Samba-3.5.4(CentOS 6) using PAM authenticating via ADS
Derek Cordeiro
cordeiroderek at gmail.com
Wed Aug 31 08:47:43 MDT 2011
Hi,
I have installed samba 3.5.4 on Centos 6 and have set it up to
authenticate to a Windows 2008 Domain Controller. When I do a "su -
some-domain-user", the home directory gets created. However, I want
the home directory to be created when a user accesses the samba
shares(no shell access). Following are the relevant configurations.
What are the PAM changes I need to make? Help is much appreciated.
==smb.conf==
[global]
workgroup = RADON
realm = RADON.LAB
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = true
winbind offline logon = false
domain master = no
obey pam restrictions = yes
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
[homes]
comment = Home Directories
browseable = no
writable = yes
[public]
comment = Public Stuff
path = /home/shared
public = yes
writable = yes
printable = no
==/etc/pam.d/samba==
#%PAM-1.0
auth required pam_nologin.so
auth include password-auth
account include password-auth
session include password-auth
password include password-auth
==/etc/pam.d/password-auth==
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_mkhomedir.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
------------------------------------------------------------------------------------------------
Regards,
Derek
More information about the samba
mailing list