[Samba] "nis homedir" issue on samba- 3.6.9-151.el6 (CentOS 6.4 64bit)

Vincenzo De Sanctis vincenzo.desanctis at gmail.com
Sat May 4 07:53:25 MDT 2013 

is winbind needed for "nis homedir"?


2013/5/1 Vincenzo De Sanctis <vincenzo.desanctis at gmail.com>

> can be a pam problem?
>
> [root at dork]# cat /etc/pam.d/samba
> #%PAM-1.0
> auth       required     pam_nologin.so
> auth       include      password-auth
> account    include      password-auth
> session    include      password-auth
> password   include      password-auth
>
>
>
> 2013/5/1 Vincenzo De Sanctis <vincenzo.desanctis at gmail.com>
>
>> maybe there is a bug regarding the use of nis to mount the user's home
>> directory at the login or my misconfiguration.
>> After the CentOS 6.4 (64bit) installation I checked for the latest samba
>> version on the official repository using yum: the latest version (that was
>> already installed) is samba- 3.6.9-151.el6.
>> From "man smb.conf" I have seen that "nis homedir" is not yet deprecated,
>> I used it a decade ago on samba-2.2.12 with successful.
>> On CentOS 6.4 I don't use ldap, but only nis and the latter works without
>> problem, I installed also autofs (auto.home).
>> autofs+nis are simple and work great, I can 'su' home users on nfs
>> without problem.
>>
>>
>> [global]
>>
>>    workgroup = DORK   ;changed for privacy
>>    netbios name = lince
>>    server string = DMIT domain server
>>    interfaces = eth0
>>
>> ;   smb ports = 445
>>
>>    hosts allow = 129.123.38., 139.123.39., 179.21.23., 127. ;changed for
>> privacy
>>    hosts deny = ALL
>>
>>    os level = 33
>>    domain master = yes
>>    local master = yes
>>    preferred master = yes
>>    domain logons = yes
>>    security = user
>>    guest accout = guest
>>    encrypt passwords = yes
>>    check password script = /usr/local/sbin/crackcheck -d
>> /usr/share/cracklib/pw_dict
>>
>>    smb passwd file = /etc/samba/smbpasswd
>>    passdb backend = smbpasswd
>>    username map = /etc/samba/smbusers
>>
>>    time server = Yes
>>
>>    log file = /var/log/samba/pc/%m.log
>>
>>    nis homedir = yes
>>    homedir map = auto.home
>>
>>    null passwords = yes
>>    client lanman auth = no
>>
>>    logon script = logon.bat
>>    logon path =
>>    logon drive = M:
>>    logon home = \\%N\%U
>>
>>    wins support = no
>>    wins server = winsserver  ;changed for privacy
>>
>>    log level = 2
>>    lock directory = /var/log/samba/locks/
>>    state directory = /var/log/samba/state/
>>    cache directory = /var/log/samba/cache/
>>    pid directory = /var/log/samba/pid/
>>    usershare path = /var/log/samba/usershare/
>>    printjob username = %M\%U
>>    hide dot files = No[netlogon]
>>    path = /etc/samba/netlogon
>>
>> ;   max protocol = smb2
>>
>>    kernel oplocks = no
>>    oplocks = no
>>    level2 oplocks = no
>>    posix locking = no
>>
>>    follow symlinks = yes
>>    wide links = yes
>>    unix extensions = no
>>    nt acl support = no
>>
>>    printing = lprng
>>    printcap name = /usr/local/samba/lib/printcap
>>    load printers = yes
>>    print command = /usr/bin/lpr -P%p %s; rm %s
>>    lpq command = /usr/bin/lpq -P%p
>>    lprm command = /usr/bin/lprm -P%p %j
>>    printcap cache time = 0
>>
>> ### speed tuning
>>    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
>>    write raw = yes
>>    read raw = no
>>
>> ###  for japanese font :(
>>    dos charset = cp932
>>    display charset = cp932
>>    unix charset = cp932
>>
>> ;  profiles drammatically slow the logout so I disabled
>> ;  [profiles]
>> ;  comment = Network Profiles Share
>> ;  path = /etc/samba/profiles
>> ;  read only = No
>> ;  store dos attribute = Yes
>> ;  create mask = 0600
>> ;  directory mask = 0700
>> ;  browseable = no
>>
>>
>> [netlogon]
>>    path = /etc/samba/netlogon
>>    writeable = no
>>    public = yes
>>
>> [root]
>>    comment = Root di %h
>>    path = /
>>    read only = yes
>>    public = no
>>    locking = no
>>
>> [printers]
>>    printable = yes
>>    public = yes
>>    writable = no
>>    guest ok = yes
>>
>>    #create mode = 0700
>>
>> [homes]
>>    comment = Users Home Directories
>>    read only = No
>>    create mask = 0644
>>    directory mask = 0711
>>    browseable = No
>>    valid users = %S
>> ;  %S = the name of the current service, if any. service = map name,
>> ;  so map name A-USER can only be connected by A-USER, %S = %u
>> ;
>> ;  By default, \\server\username shares can be connected to by anyone
>> ;  with access to the samba server. This parameter make sure that only
>> ;  username can connect to \\server\username
>>
>> [project]
>>    comment = Group project directories
>>    path = /usr/local/samba/lib/prj  ;this path contains several links to
>> nfs
>>    read only = no
>>    writable = yes
>>    create mode = 0775
>>    force create mode = 0775
>>    directory mode = 02775
>>    force directory mode = 02775
>>    public = no
>>    oplocks = no
>> ,,,,,,,,,,,, continues but not important!
>>
>>
>>
>> As you can see in the smb.conf  I added 'nis homedir = yes' and 'homedir
>> map = auto.home'
>> Samba- 3.6.9-151.el6 is included in CentOS 6.4 so to check if has been
>> compiled with configure --with-automount I used the command 'smbd -b|grep
>> -i automount':
>>
>>   [root at dork]#smbd -b| grep -i automount
>>         WITH_AUTOMOUNT
>>         WITH_AUTOMOUNT
>>
>> this is a piece of my /etc/auto.home:
>>
>> pippo          server1:/dati3/export/home/&
>> pluto         server2:/iscsi/home/&
>> #paperino                 server1:/dati2/export/home/&
>> mickeymouse            server2:/iscsi/home/&
>> spiderman         server1:/dati2/export/home/&
>> ,,,,,,,,,,, continues but not important!
>>
>> Now after samba configuration I'm able to join the 'DORK' domain from
>> win7 and at login the latter mounts all resources declared through
>> logon.bat without problem except the user's home directory because 'nis
>> homedir' fails.
>>
>> I think, M: is not mounted on win7 because the variable %N is black
>> (strange!), I can say that because I also added %N to the file log name
>> 'log file = /var/log/samba/test/%N_%p.log (but even %p is blank!), from man
>> smb.conf The NIS auto.map entry is split up as %N:%p, and if
>> --with-automount is not added during the compile %N become %L.....but in my
>> case %N is black not %L...
>>
>>
>>    logon drive = M:
>>    logon home = \\%N\%U
>>
>>
>> After, I did other tests: I started winbind services but I think nis no
>> needs it
>>
>> You can see the log regarding the connection between the samba server and
>> a win7 pc named 'ORDONA', login username 'guest', all on
>> http://www.wepaste.com/vincenzo/
>>
>>
>> Where 'nis homedir' fails? Or is there a known bug?
>>
>>
>>
>> --
>> Vincenzo De Sanctis
>>
>
>
>
> --
> Vincenzo De Sanctis
>



-- 
Vincenzo De Sanctis

More information about the samba mailing list