[Samba] OpenSSH auth in SAMBA4 LDAP

Bruno Vane broonu at gmail.com
Mon Aug 26 14:46:09 MDT 2013


Hi Ricky,

I'm not using winbind.
To auto create home dir I added:
session     required      pam_mkhomedir.so skel=/etc/skel umask=0022

in "/etc/pam.d/common-session" file.

I'm using Marc's instructions to log in via SSH without joining the machine to
the domain. Can I also use winbind with this setup?


2013/8/26 Ricky Nance <ricky.nance at gmail.com>

> If you are using winbind, you can use template home directory = and
> template shell = in your smb.conf (man smb.conf for a more accurate
> description).
>
> Ricky
>
>
> On Mon, Aug 26, 2013 at 2:58 PM, Bruno Vane <broonu at gmail.com> wrote:
>
>> Marc, it seems that the problem was actually that the "posix information"
>> were blank and I could not edit them. Made domain provision again with the
>> option "--use RFC2307." After creating the user in AD (via RSAT in Win7) I
>> need to manually enable NIS domain info for that user. After this, I got
>> to access via SSH using the Samba4 LDAP. Now I have to research how to
>> auto-create the home dir and change the shell to /bin/bash.
>> Thank you very much for your help!
>>
>> root at samba:~# getent passwd bruno.vane
>> bruno.vane:*:10000:513:Bruno Vane:/home/bruno.vane:/bin/sh
>>
>> bruno.vane at Suporte-VR:~$ ssh -l bruno.vane 177.84.70.200
>> bruno.vane at 177.84.70.200's password:
>> Could not chdir to home directory /home/bruno.vane: No such file or directory
>> $
>>
>> 2013/8/26 Marc Muehlfeld <samba at marc-muehlfeld.de>
>>
>> >
>> >
>> > On 26.08.2013 20:12, Luca Olivetti wrote:
>> >
>> >  - Now you should be able to see all accounts (the local and domain
>> >>> accounts), when you type
>> >>>    # getent passwd
>> >>>
>> >>
>> >> I tried it on a test VM, but it only showed accounts migrated from samba
>> >> 3+ldap (since they have the posix attributes), new users/groups added
>> >> via samba-tool or windows didn't appear.
>> >>
>> >
>> > Of course this would only work if you have posix information in your
>> > directory.
>> >
>> > If you don't want to manage them in AD, you can use winbind or sssd. But
>> > there you have other requirements (machine joined to domain, kerberos, ...).
>> >
>> >
>> >
>> > Regards,
>> > Marc
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>>
>>
>>
>> --
>>
>> Bruno Vane
>> HPM Tecnologia
>> (24) 9278-7195 / (24) 3345-0002
>> skype: broonu
>>
>> www.zamix.com.br | www.superonda.com.br
>>
>
>


-- 

Bruno Vane
HPM Tecnologia
(24) 9278-7195 / (24) 3345-0002
skype: broonu

www.zamix.com.br | www.superonda.com.br

