I've built a domain member. It works pretty well, except that I want home directories to be created on the fly. I'm not sure this is doable on a domain member, because as far as I can tell nothing I've tried is even called. I'm using log level 3.

If anyone can shed light on how to dynamically create home directories, that'd be great.

Anyway, here's my latest incarnation of smb.conf.

# Global settings for a Samba server joined to Active Directory as a domain
# member (security = ADS), with winbind supplying users and groups.
[global]
    display charset = UTF-8
    workgroup = KRH
    realm = KRH.INT
    netbios aliases = hitstor
    server string = HIT anything server
    # Listen on this one address only.
    interfaces = 172.29.107.110
    bind interfaces only = Yes
    security = ADS
    # NOTE(review): overriding the auth method list is normally unnecessary on
    # a domain member - confirm this line is really needed.
    auth methods = sam, winbind, trustdomain
    # Preferred DCs; the trailing * lets Samba locate further DCs on its own.
    password server = kal-dc3.krh.int, kal-dc4.krh.int, kal-dc2.krh.int, *
    # NTLMv1 responses are refused by the server; as a client only NTLMv2 is sent.
    ntlm auth = No
    client NTLMv2 auth = Yes
    log level = 1
    syslog = 0
    # %U is the user name the client asked for, so the log file name is built
    # from client-supplied text. NOTE(review): consider a fixed log file name.
    log file = /var/log/samba/log.%U
    debug prefix timestamp = Yes
    # smbd serves only the NetBIOS session port; port 445 is not served.
    smb ports = 139
    name resolve order = wins host bcast lmhost
    unix extensions = No
    # Signing is offered but not enforced: clients that do not sign are still
    # accepted. NOTE(review): consider "mandatory" if every client supports it.
    server signing = auto
    lpq cache time = 10
    max open files = 20000
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    name cache timeout = 60
    load printers = No
    printcap cache time = 60
    show add printer wizard = No
# smbd runs this script as root, with %u replaced by the user name, only when
# an authenticated user has no UNIX account. NOTE(review): with winbind already
# resolving domain users that lookup presumably succeeds, so the script would
# never be called. Also, -d /home/KRH has no per-user component, and pw only
# creates the directory (and applies -k) when -m is given - confirm intent.
add user script = /usr/sbin/pw useradd %u -g krh -k /usr/local/etc/skel -d /home/KRH
    local master = No
    domain master = No
    dns proxy = No
    wins server = 10.6.1.21
    utmp = Yes
    nmbd bind explicit broadcast = No
    host msdfs = No
    # Domain users and groups are mapped into these UNIX id ranges; local
    # accounts must not use ids inside them.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # No "template homedir" is set, so winbind's default path applies
    # (presumably /home/%D/%U - confirm against the installed version).
    template shell = /usr/local/bin/bash
    winbind enum users = Yes
    winbind enum groups = Yes
    # Domain users appear without the domain prefix. NOTE(review): make sure no
    # local account name can collide with a domain account name.
    winbind use default domain = Yes
    winbind refresh tickets = Yes
    acl group control = Yes
    cups options = raw
    force printername = Yes
    # With wide links on, smbd follows symlinks that point outside the shared
    # tree, so a link inside a writable share exposes whatever the connected
    # user's UNIX permissions allow elsewhere on the host.
    # NOTE(review): set to No unless a share depends on it.
    wide links = Yes

# Per-user home share: the share path is the connecting account's home
# directory. Nothing in this section creates that directory; smbd expects it
# to exist already.
# NOTE(review): the usual hook for creating it on first connect is a preexec
# script run as root on this share; any %-substituted user name passed to such
# a script must be quoted and validated, because it runs with root privileges.
# NOTE(review): there is no "valid users = %S" here, so access to another
# user's home share is limited only by filesystem permissions - confirm that
# is intended.
[homes]
    comment = Home Directories
    read only = No
    browseable = No


Here's the /etc/pam.d/system file:
#
# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06 kensmith Exp $
#
# System-wide defaults
#

# auth
# Order matters: a "sufficient" module that succeeds ends the auth phase.
auth        sufficient    pam_opie.so        no_warn no_fake_prompts
auth        requisite    pam_opieaccess.so    no_warn allow_local
# NOTE(review): per the pam_winbind documentation mkhomedir applies to the
# session phase, and pam_winbind is not listed under "session" below, so the
# option presumably has no effect on this line - confirm.
auth            sufficient      /usr/local/lib/pam_winbind.so mkhomedir=yes
#auth        sufficient    pam_krb5.so        no_warn try_first_pass
#auth        sufficient    pam_ssh.so        no_warn try_first_pass
# nullok lets accounts with an empty password authenticate.
# NOTE(review): drop nullok unless empty passwords are intended.
auth        required    pam_unix.so        no_warn try_first_pass nullok

# account
# NOTE(review): pam_winbind is not listed here, so AD-side account state
# (disabled, expired) is presumably not checked by this stack - confirm.
#account     required    pam_krb5.so
account        required    pam_login_access.so
account        required    pam_unix.so

# session
#session     optional    pam_ssh.so
session        required    pam_lastlog.so        no_fail
# Creates a missing home directory from the skeleton when a service opens a
# PAM session through this stack; "required" means a failure here denies the
# session. NOTE(review): smbd does not open PAM sessions unless "obey pam
# restrictions" is enabled, and it uses its own PAM service name rather than
# "system" - confirm which stack it actually reads.
# NOTE(review): no permission option is given, so new directories get the
# module's default mode - check that they are not world-readable.
session required /usr/local/lib/pam_mkhomedir.so skel=/usr/local/etc/skel

# password
#password    sufficient    pam_krb5.so        no_warn try_first_pass
password    required    pam_unix.so        no_warn try_first_pass