Hi, I'm setting up a Gentoo samba server for home directories on a 2003 ADS network.
I've decided to use pam_mkhomedir to have the fileserver automagically create their home when they first log in. But we don't want everyone to log in, just the members of the AD group filesurfer-users.

The problem: Regardless of what I put as a require_membership_of= in the samba pam file, any domain user can log in and a home directory is created.

I've attached a copy of /etc/pam.d/samba and /etc/samba/smb.conf. Any help would be greatly appreciated.

/etc/pam.d/samba:
----------------------------------------------------------------------
#%PAM-1.0
# Require membership of filesurfer-users group
account required pam_winbind.so require_membership_of=(SID)
session required pam_winbind.so require_membership_of=(SID)
session optional pam_mkhomedir.so skel=/etc/mside-skel umask=0077
------------------------------------------------------------------------

Smb.conf:
[global]
workgroup = DOMAIN
netbios aliases = FILESURFER
server string = FileSurfer
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
realm = DOMAIN.SCHOOL.EDU
encrypt passwords = yes
server signing = auto
smb passwd file = /etc/samba/smbpasswd
admin users = @"DOMAIN+Domain Admins"
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
allow trusted domains = no
idmap backend = rid
idmap uid = 10000-1000000
idmap gid = 10000-1000000
winbind use default domain = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
local master = no
inherit permissions = yes
dos filemode = yes
recycle:exclude = *.tmp *.temp *.o *.obj ~$*
recycle:keeptree = True
recycle:touch = True
recycle:versions = True
recycle:noversions = .doc|.xls|.ppt
recycle:repository = /home/trash/%U
recycle:maxsize = 10000000
vfs objects = recycle

[homes]
comment = Home Directories
create mask = 0700
browseable = no
writable = yes
valid users = %U
nt acl support = yes
------------------------------------------------------------

Thanks in advance,
Mike