[Samba] "nis homedir" issue on samba- 3.6.9-151.el6 (CentOS 6.4 64bit)
Vincenzo De Sanctis
vincenzo.desanctis at gmail.com
Sat May 4 07:53:25 MDT 2013
is winbind needed for "nis homedir"?
2013/5/1 Vincenzo De Sanctis <vincenzo.desanctis at gmail.com>
> can be a pam problem?
>
> [root at dork]# cat /etc/pam.d/samba
> #%PAM-1.0
> auth required pam_nologin.so
> auth include password-auth
> account include password-auth
> session include password-auth
> password include password-auth
>
>
>
> 2013/5/1 Vincenzo De Sanctis <vincenzo.desanctis at gmail.com>
>
>> maybe there is a bug regarding the use of nis to mount the user's home
>> directory at the login or my misconfiguration.
>> After the CentOS 6.4 (64bit) installation I checked for the latest samba
>> version on the official repository using yum: the latest version (that was
>> already installed) is samba- 3.6.9-151.el6.
>> From "man smb.conf" I have seen that "nis homedir" is not yet deprecated,
>> I used it a decade ago on samba-2.2.12 with successful.
>> On CentOS 6.4 I don't use ldap, but only nis and the latter works without
>> problem, I installed also autofs (auto.home).
>> autofs+nis are simple and work great, I can 'su' home users on nfs
>> without problem.
>>
>>
>> [global]
>>
>> workgroup = DORK ;changed for privacy
>> netbios name = lince
>> server string = DMIT domain server
>> interfaces = eth0
>>
>> ; smb ports = 445
>>
>> hosts allow = 129.123.38., 139.123.39., 179.21.23., 127. ;changed for
>> privacy
>> hosts deny = ALL
>>
>> os level = 33
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> domain logons = yes
>> security = user
>> guest accout = guest
>> encrypt passwords = yes
>> check password script = /usr/local/sbin/crackcheck -d
>> /usr/share/cracklib/pw_dict
>>
>> smb passwd file = /etc/samba/smbpasswd
>> passdb backend = smbpasswd
>> username map = /etc/samba/smbusers
>>
>> time server = Yes
>>
>> log file = /var/log/samba/pc/%m.log
>>
>> nis homedir = yes
>> homedir map = auto.home
>>
>> null passwords = yes
>> client lanman auth = no
>>
>> logon script = logon.bat
>> logon path =
>> logon drive = M:
>> logon home = \\%N\%U
>>
>> wins support = no
>> wins server = winsserver ;changed for privacy
>>
>> log level = 2
>> lock directory = /var/log/samba/locks/
>> state directory = /var/log/samba/state/
>> cache directory = /var/log/samba/cache/
>> pid directory = /var/log/samba/pid/
>> usershare path = /var/log/samba/usershare/
>> printjob username = %M\%U
>> hide dot files = No[netlogon]
>> path = /etc/samba/netlogon
>>
>> ; max protocol = smb2
>>
>> kernel oplocks = no
>> oplocks = no
>> level2 oplocks = no
>> posix locking = no
>>
>> follow symlinks = yes
>> wide links = yes
>> unix extensions = no
>> nt acl support = no
>>
>> printing = lprng
>> printcap name = /usr/local/samba/lib/printcap
>> load printers = yes
>> print command = /usr/bin/lpr -P%p %s; rm %s
>> lpq command = /usr/bin/lpq -P%p
>> lprm command = /usr/bin/lprm -P%p %j
>> printcap cache time = 0
>>
>> ### speed tuning
>> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
>> write raw = yes
>> read raw = no
>>
>> ### for japanese font :(
>> dos charset = cp932
>> display charset = cp932
>> unix charset = cp932
>>
>> ; profiles drammatically slow the logout so I disabled
>> ; [profiles]
>> ; comment = Network Profiles Share
>> ; path = /etc/samba/profiles
>> ; read only = No
>> ; store dos attribute = Yes
>> ; create mask = 0600
>> ; directory mask = 0700
>> ; browseable = no
>>
>>
>> [netlogon]
>> path = /etc/samba/netlogon
>> writeable = no
>> public = yes
>>
>> [root]
>> comment = Root di %h
>> path = /
>> read only = yes
>> public = no
>> locking = no
>>
>> [printers]
>> printable = yes
>> public = yes
>> writable = no
>> guest ok = yes
>>
>> #create mode = 0700
>>
>> [homes]
>> comment = Users Home Directories
>> read only = No
>> create mask = 0644
>> directory mask = 0711
>> browseable = No
>> valid users = %S
>> ; %S = the name of the current service, if any. service = map name,
>> ; so map name A-USER can only be connected by A-USER, %S = %u
>> ;
>> ; By default, \\server\username shares can be connected to by anyone
>> ; with access to the samba server. This parameter make sure that only
>> ; username can connect to \\server\username
>>
>> [project]
>> comment = Group project directories
>> path = /usr/local/samba/lib/prj ;this path contains several links to
>> nfs
>> read only = no
>> writable = yes
>> create mode = 0775
>> force create mode = 0775
>> directory mode = 02775
>> force directory mode = 02775
>> public = no
>> oplocks = no
>> ,,,,,,,,,,,, continues but not important!
>>
>>
>>
>> As you can see in the smb.conf I added 'nis homedir = yes' and 'homedir
>> map = auto.home'
>> Samba- 3.6.9-151.el6 is included in CentOS 6.4 so to check if has been
>> compiled with configure --with-automount I used the command 'smbd -b|grep
>> -i automount':
>>
>> [root at dork]#smbd -b| grep -i automount
>> WITH_AUTOMOUNT
>> WITH_AUTOMOUNT
>>
>> this is a piece of my /etc/auto.home:
>>
>> pippo server1:/dati3/export/home/&
>> pluto server2:/iscsi/home/&
>> #paperino server1:/dati2/export/home/&
>> mickeymouse server2:/iscsi/home/&
>> spiderman server1:/dati2/export/home/&
>> ,,,,,,,,,,, continues but not important!
>>
>> Now after samba configuration I'm able to join the 'DORK' domain from
>> win7 and at login the latter mounts all resources declared through
>> logon.bat without problem except the user's home directory because 'nis
>> homedir' fails.
>>
>> I think, M: is not mounted on win7 because the variable %N is black
>> (strange!), I can say that because I also added %N to the file log name
>> 'log file = /var/log/samba/test/%N_%p.log (but even %p is blank!), from man
>> smb.conf The NIS auto.map entry is split up as %N:%p, and if
>> --with-automount is not added during the compile %N become %L.....but in my
>> case %N is black not %L...
>>
>>
>> logon drive = M:
>> logon home = \\%N\%U
>>
>>
>> After, I did other tests: I started winbind services but I think nis no
>> needs it
>>
>> You can see the log regarding the connection between the samba server and
>> a win7 pc named 'ORDONA', login username 'guest', all on
>> http://www.wepaste.com/vincenzo/
>>
>>
>> Where 'nis homedir' fails? Or is there a known bug?
>>
>>
>>
>> --
>> Vincenzo De Sanctis
>>
>
>
>
> --
> Vincenzo De Sanctis
>
--
Vincenzo De Sanctis
More information about the samba
mailing list