[Samba] libpam-winbind mkhomedir

Rowland penny rpenny at samba.org
Tue Jun 1 07:52:05 UTC 2021


On 01/06/2021 08:08, Piviul via samba wrote:
>
> On 31/05/21 17:47, Rowland penny via samba wrote:
>> [...]
>> What OS is this ?
> $ lsb_release -a
> No LSB modules are available.
> Distributor ID:    Debian
> Description:    Debian GNU/Linux 10 (buster)
> Release:    10
> Codename:    buster


Just saying Debian buster would have been enough 😂

>
>
>> Normally, the users Unix home directory is the one shown by 'getent 
>> passwd USERNAME', 
>
> mhhh.... in effect if I run the command getent passwd using a hostname 
> instead of a username I get something similar to:


Ah, I now know where the spurious home directories are coming from.

>
> # getent passwd <domain>\\<hostname>$
>
> <domain>\<hostname>$:*:22110:10513::/home/<domain>/<hostname>_:/bin/bash
>
> Is there something wrong in the domain configuration?


No, there is nothing wrong with the domain configuration (as such), but 
there is something wrong with your understanding of AD. A computer in AD 
is just a user with an extra objectclass (funnily enough, this 
objectclass is called 'computer'), so you shouldn't really be running 
getent using a computer name. This doesn't affect Linux unless your 
computers gain a uidNumber and congratulations, you appear to have found 
a bug. Can you try removing what you added to 
/etc/security/pam_winbind.conf and then run pam-auth-update and ensure 
'Create home directory on login' is enabled. This may cure your problem.

>
>

>> So I have no idea where your extra folders are coming from. Can you 
>> post your smb.conf and the contents of /etc/security/pam_winbind.conf
>
> $ testparm
>
> # Global parameters
> [global]
>     log file = /var/log/samba/log.%m
>     logging = file
>     map to guest = Bad User
>     max log size = 1000
>     obey pam restrictions = Yes
>     pam password change = Yes
>     panic action = /usr/share/samba/panic-action %d
>     realm = AD.CSARICERCHE.COM
>     security = ADS
>     server min protocol = NT1
>     server string = %h server
>     template shell = /bin/bash
>     usershare allow guests = Yes
>     winbind refresh tickets = Yes
>     wins server = 192.168.64.2


'wins' in AD ?????

Rowland
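
The check described in the message above, as an added example that is not part of the original post: it filters passwd-format lines (the format 'getent passwd' prints) for machine accounts, whose login name ends in '$', and reports which of their home directories exist on disk. The domain EXAMPLE, the host and user names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag machine accounts (login name ending in '$') in
# passwd-format lines and find home directories created for them.

# Constructed sample data; the domain, hosts and user are made up.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
EXAMPLE\alice:*:11105:10513::/home/EXAMPLE/alice:/bin/bash
EXAMPLE\WS01$:*:22110:10513::/home/EXAMPLE/WS01_:/bin/bash
EXAMPLE\FILESRV$:*:22111:10513::/home/EXAMPLE/FILESRV_:/bin/bash
EOF
}

# Read passwd lines on stdin; print "name uid home" for machine accounts.
# Field 1 is the login name; the regex matches a literal trailing '$'.
machine_accounts() {
    awk -F: '$1 ~ /\$$/ { print $1, $3, $6 }'
}

# Read passwd lines on stdin; print the home directory of each machine
# account whose home exists as a directory. The optional first argument
# is a prefix to look under (hypothetical helper for testing in a
# scratch tree); with no argument the real paths are checked.
machine_homes_present() {
    root=${1:-}
    awk -F: '$1 ~ /\$$/ { print $6 }' | while IFS= read -r home; do
        if [ -d "$root$home" ]; then
            printf '%s\n' "$home"
        fi
    done
}

# On a domain member, feed it real lookups, for example:
#   getent passwd 'DOMAIN\HOST$' | machine_homes_present
```

Any path this prints belongs to a computer account rather than a person, so it is a candidate for review and cleanup.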





