[Samba] Winbind login overwrite homedir

basti mailinglist at unix-solution.de
Wed Jul 8 14:15:17 UTC 2020


 cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# User and group lookups try the local files first and winbind second, so a
# local /etc/passwd or /etc/group entry wins over a domain entry of the same name.
passwd:         files winbind
group:          files winbind
# Password hashes come from local files only; winbind is not listed here.
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


cat /etc/samba/smb.conf
# [global] section as posted for the Linux client; security = ADS below makes
# this host an Active Directory domain member.
[global]
       security = ADS
       workgroup = SAMDOM
       realm = SAMDOM.EXAMPLE.COM

       # %m expands to the client machine name, giving one log file per client.
       log file = /var/log/samba/%m.log
       log level = 1

       winbind refresh tickets = Yes
       # The keytab holds the machine account's Kerberos keys; keep it readable by root only.
       # NOTE(review): smb.conf(5) documents "dedicated keytab file" for
       # kerberos method = dedicated keytab; with "secrets and keytab" it is
       # presumably not consulted - confirm.
       dedicated keytab file = /etc/krb5.keytab
       kerberos method = secrets and keytab
       # Domain users are presented without the SAMDOM\ prefix. If nsswitch.conf
       # lists "files" before "winbind" (as posted), a local account with the
       # same name takes precedence over the domain account.
       winbind use default domain = yes

       # Printing is switched off entirely on this host.
       load printers = no
       printing = bsd
       printcap name = /dev/null
       disable spoolss = yes

       # Default idmap domain: IDs for BUILTIN and any domain without its own
       # idmap config are allocated locally from this range.
       # NOTE(review): 1000-2000 overlaps the range Debian assigns to local
       # accounts (starting at 1000), so an allocated ID could share a numeric
       # UID/GID with a local user or group - confirm and consider a range
       # that is clear of local IDs.
       idmap config * : backend = tdb
       idmap config * : range = 1000-2000

       # SAMDOM IDs are read from the RFC2307 attributes stored in AD; entries
       # whose uidNumber/gidNumber fall outside the range are ignored.
       idmap config SAMDOM:backend = ad
       idmap config SAMDOM:schema_mode = rfc2307
       idmap config SAMDOM:range = 2001-999999
       # With the ad backend, unix_nss_info = yes makes winbind take the home
       # directory and login shell from the AD account (unixHomeDirectory,
       # loginShell). The template settings below are then used only when
       # those attributes are not set. This is what makes getent return the
       # AD path instead of /home/%U.
       idmap config SAMDOM:unix_nss_info = yes

       # Fallback values; overridden per user by AD while unix_nss_info = yes.
       template homedir = /home/%U
       template shell = /bin/bash

       # These three restate Samba's built-in defaults.
       # NOTE(review): later Samba releases mark some of them deprecated -
       # check testparm output after an upgrade.
       client use spnego = yes
       client ntlmv2 auth = yes
       encrypt passwords = yes
       # Duplicate of the identical "winbind use default domain" line above; redundant.
       winbind use default domain = yes
       # Strictest setting for what anonymous (null session) connections may query.
       restrict anonymous = 2

       # Author's note: possibly set to silence DFS errors in the log.
       host msdfs = no

       # https://wiki.samba.org/index.php/PAM_Offline_Authentication
       # Caches credentials locally so domain users can log in while no DC is
       # reachable. Trade-off: a cached login can still succeed after the
       # account was disabled or its password changed in AD, until the cache
       # is refreshed. pam_winbind needs cached_login enabled as well.
       winbind offline logon = yes

       # Lets "getent passwd" / "getent group" list every domain user and
       # group. The Samba documentation recommends this for testing only,
       # because enumeration is slow in large domains.
       winbind enum users = yes
       winbind enum groups = yes

OS: Debian 10.4

Best Regards,

On 08.07.20 15:39, Rowland penny via samba wrote:
> On 08/07/2020 14:30, basti via samba wrote:
>> Hello,
>> on my Samba AD I have set the home directory to /home/users/<username>.
> I take it you mean 'in' AD and not in the DC's smb.conf
>>
>> Now I have set up a Linux client with pam-winbind and nss-winbind.
>>
>> getent passwd <username> shows /home/users/<username> as the home directory.
>>
>> And that directory is created on login.
>> Why is the path set in AD used, and not the path set in smb.conf?
>>
>>
>> grep home -r /etc/pam.d/ /etc/samba/smb.conf
>> /etc/security/pam_winbind.conf
>> /etc/pam.d/common-session:session    optional            pam_mkhomedir.so
>> /etc/samba/smb.conf:       template homedir = /home/%U
>> /etc/security/pam_winbind.conf:# create homedirectory on the fly
>> /etc/security/pam_winbind.conf:mkhomedir = yes
>>
>> I would prefer /home/%U at this client.
>>
>> Best regards,
>>
> What OS
> 
> Please post the [global] portion of your smb.conf
> 
> Can you also post the contents of /etc/nsswitch.conf
> 
> Rowland
> 
> 
> 


