On Tuesday 14 June 2005 14:00, Romeo Theriault wrote:
> I have a Suse 9.1 Enterprise Server connected to our Windows 2003 Active
> Directory Domain for use as a file server, housing people's home (backup)
> directories. The Suse box is connected to AD with winbind and it's
> connected fine. The problem is that when I create a user on the windows
> box it's not creating a home directory in Linux. It says I don't have
> create access on the server when I try to map them a drive. I'm not sure
> what the problem is but I think it's with my pam authentication or with
> my smb.conf file.

PAM is used only when you use Windows accounts to log onto the Linux system.
Samba does not use PAM. To automatically create a home directory that does
not exist you will need to write a shell script, and call it from the share
definition like this:

>
> Here is my smb.conf:
>
> [global]
>
> #global options needed to communicate with Active Directory
> unix charset = LOCALE
> ads server = (ip goes here)
> workgroup = NEWDOMAIN
> realm = NEWDOMAIN.LOCAL
> server string = SambaT
> security = ADS
> password server = *
> encrypt passwords = yes
> invalid users = root bin daemon adm sync shutdown halt mail news uucp
> operator gopher
>
> #winbind configuration
>
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind separator = +
> winbind enum users=yes
> winbind enum groups=yes
> template homedir = /home/%U
> #this makes it so they don't have shell logon accounts.
> template shell = /bin/false
>
> [homes]
> comment = Home Directories
> path = /home/%U

root preexec = /usr/local/sbin/mkhomedir.sh %U

> #user = @"NEWDOMAIN+domain users"
> browseable = No
> writeable= yes

The mkhomedir.sh file can contain:

----------------------- cut here ----------------------
#!/bin/bash
# $1 is the user name Samba substitutes for %U
if [ ! -e "/home/DOMAIN/$1" ]; then
    mkdir "/home/DOMAIN/$1"
    chown "$1":"Domain Users" "/home/DOMAIN/$1"
fi
exit 0
--------------------- cut here -----------------------

Then set this file with permissions:

chown root:root /usr/local/sbin/mkhomedir.sh
chmod u=rwsx,g=rwx,o-rwx /usr/local/sbin/mkhomedir.sh

- John T.

>
> and here is the pam.d samba file:
>
> #%PAM-1.0
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
> auth required /lib/security/pam_deny.so
>
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_unix.so
>
> password required /lib/security/pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password required /lib/security/pam_deny.so
>
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so
>
> Thank you, I appreciate any help. I've been beating my head against the
> wall on this one.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
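
Added example, not part of the original message and not Samba project code: a variant of the mkhomedir.sh idea above that validates its argument before building a path, since root preexec runs the script as root with %U substituted in. The function names, the allowed character set, the 0700 mode and the symlink check are assumptions; /home and "Domain Users" are taken from the thread.

```shell
#!/bin/bash
# Added example (not from the thread): root preexec helper that checks its
# argument before touching the filesystem.
LC_ALL=C; export LC_ALL            # make the A-Z / a-z ranges below byte-exact

# valid_user NAME: succeed only for names safe to use as one path component.
# Assumed policy: letters, digits, '.', '_', '+' (winbind separator), '-'.
valid_user() {
    case "$1" in
        ''|.|..|-*) return 1 ;;              # empty, dot entries, option-like
        *[!A-Za-z0-9._+-]*) return 1 ;;      # '/', whitespace, shell characters
    esac
    return 0
}

# make_home BASE USER GROUP: create BASE/USER if it is missing.
# An empty GROUP skips chown (useful for an unprivileged dry run).
make_home() {
    base=$1; user=$2; group=$3
    if ! valid_user "$user"; then
        echo "mkhomedir: rejected user name" >&2
        return 1
    fi
    dir="$base/$user"
    # A symlink at the target would point the share somewhere else; refuse it.
    if [ -L "$dir" ]; then
        echo "mkhomedir: $dir is a symlink" >&2
        return 1
    fi
    if [ -e "$dir" ]; then
        [ -d "$dir" ]                        # existing directory: nothing to do
        return
    fi
    mkdir -m 0700 -- "$dir" || return 1      # assumed mode: owner-only
    if [ -n "$group" ]; then
        chown -- "$user:$group" "$dir" || return 1
    fi
}

# Called from smb.conf as: root preexec = /usr/local/sbin/mkhomedir.sh %U
[ $# -eq 0 ] || make_home /home "$1" "Domain Users"
```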