(Posting to the list for posterity.)
Kent West wrote:
I haven't gotten the home directory stuff figured out yet. When a user logs in, the error is generated that the home directory doesn't exist and that / will be used as the home directory. Hopefully I can get that solved in the next day or two.
Yuri responded:
[...]Yes, this created the directory. I'm wanting them to instead mount their NT Home folders, but if I understand what you're saying above, there are "issues" yet to be worked out. Still, this has gone a _very_ long way in getting me where I wanted to go. Thank you VERY much, Yuri!
template homedir = /home/%D/%U[...]
mkdir /home/YOURDOMAIN
then, log in and it automatically create /home/YOURDOMAIN/username
(/home/YOURDOMAIN must exist!)
In the meantime Linux users have a new home (in a NFS server) becouse I've a little problem. if I mount:
smbmount //winserver-home/users /home/MYDOMAIN
I am the owner of all homes!!! And they can't write!
if you find a better solution, let me know...
Ps: I am not domain administrator=I can't do everything
In my previous long posting (available in the Debian User Mail List archives at www.debian.org) detailing the setup, my /etc/pam.d/login file was missing the line:
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
So, for completeness' sake, in one location, here are the relevant files:
/etc/nsswitch.conf:
passwd: files winbind compat
group: files winbind compat
shadow: winbind compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
/etc/samba/smb.conf:
[global]
workgroup = ACU
server string = %h server
security = domain
encrypt passwords = true
password server = phoebe
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 18
local master = No
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
winbind separator = +
template homedir = /home/%D/%U
/etc/pam.d/login:
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_env.so
auth required pam_unix.so nullok use_first_pass
account sufficient pam_winbind.so
account required pam_unix.so
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 password required pam_unix.so nullok obscure min=4 max=8
Yuri earlier mentioned /etc/pam.d/xlock, but I haven't played with that file yet, nor know what it controls. I suspect it has something to do with the X Window System. For completeness, I'll add his /etc/pam.d/xlock file here:
auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass account sufficient pam_winbind.so account sufficient pam_unix.so
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
