[Samba] pam_winbind and home folders

Piviul piviul at riminilug.it
Fri Dec 16 07:49:52 UTC 2022 

On 12/15/22 10:02, Rowland Penny via samba wrote:
> On 15/12/2022 08:23, Piviul via samba wrote:
>> Sorry for the answer delay...
>>
>> On 12/2/22 14:13, Rowland Penny via samba wrote:
>>> I think you are going to have to give us more info. For some reason, 
>>> PAM seems to be treating the computers as users (which they are in 
>>> AD, but rather special users), also it isn't winbind that creates 
>>> home directories, it is a PAM plugin.
>>
>> yes, you are right, in effect I can't find PC names in users
>>
>> $ wbinfo --domain-users | grep $(hostname)
>> $
>>
>> or in groups
>>
>> $ wbinfo --domain-groups | grep $(hostname)
>> $
>>
>> but for PAM the PC is a user:
>>
>> $ getent passwd $(wbinfo --own-domain)\\$(hostname)$
>> DOMINIOCSA\psala-lx$:*:21298:10513::/home/DOMINIOCSA/psala-lx_:/bin/bash
>
> No that isn't PAM, it is a combination of winbind and nsswitch, though 
> it looks like there is a bug, '10513' is undoubtedly Domain Users and 
> a computers primary group is Domain Computers.

ok, it isn't PAM... so do you think it's a bug but not related to the 
idmap backend I use and even migrating the idmap backend from rid to ad, 
PAM will continue to create PCs home folders because windbind will 
continue to say that PCs are users and have "Domain Users" as a primary 
group, didn't you?


> [...]
> There has to be a reason why you are using a dead OS and a dead 
> version of Samba, but it escapes me.

no, I don't use it any more; I would only underline that if it is a bug 
is an old bug.


> [...]
> It looks like you are using the 'rid' idmap backend and if so, there 
> is a bug for this, see here:
>
> https://bugzilla.samba.org/show_bug.cgi?id=13371

I can't understand 😕... seems that this bug is not present on build 
from samba-4.10.0 but I find it on samba 4.17.3...


> But your problem puts another slant on it, care to add to it ?

yes continue to remove empty PCs home folders, it's not a big problem...

So do you suggest me to live with it, to do nothing, didn't you?

Have a great day

Piviul

More information about the samba mailing list