is winbind needed for "nis homedir"?
2013/5/1 Vincenzo De Sanctis <[email protected]> > can be a pam problem? > > [root@dork]# cat /etc/pam.d/samba > #%PAM-1.0 > auth required pam_nologin.so > auth include password-auth > account include password-auth > session include password-auth > password include password-auth > > > > 2013/5/1 Vincenzo De Sanctis <[email protected]> > >> maybe there is a bug regarding the use of nis to mount the user's home >> directory at the login or my misconfiguration. >> After the CentOS 6.4 (64bit) installation I checked for the latest samba >> version on the official repository using yum: the latest version (that was >> already installed) is samba- 3.6.9-151.el6. >> From "man smb.conf" I have seen that "nis homedir" is not yet deprecated, >> I used it a decade ago on samba-2.2.12 with successful. >> On CentOS 6.4 I don't use ldap, but only nis and the latter works without >> problem, I installed also autofs (auto.home). >> autofs+nis are simple and work great, I can 'su' home users on nfs >> without problem. >> >> >> [global] >> >> workgroup = DORK ;changed for privacy >> netbios name = lince >> server string = DMIT domain server >> interfaces = eth0 >> >> ; smb ports = 445 >> >> hosts allow = 129.123.38., 139.123.39., 179.21.23., 127. ;changed for >> privacy >> hosts deny = ALL >> >> os level = 33 >> domain master = yes >> local master = yes >> preferred master = yes >> domain logons = yes >> security = user >> guest accout = guest >> encrypt passwords = yes >> check password script = /usr/local/sbin/crackcheck -d >> /usr/share/cracklib/pw_dict >> >> smb passwd file = /etc/samba/smbpasswd >> passdb backend = smbpasswd >> username map = /etc/samba/smbusers >> >> time server = Yes >> >> log file = /var/log/samba/pc/%m.log >> >> nis homedir = yes >> homedir map = auto.home >> >> null passwords = yes >> client lanman auth = no >> >> logon script = logon.bat >> logon path = >> logon drive = M: >> logon home = \\%N\%U >> >> wins support = no >> wins server = winsserver ;changed for privacy >> >> log level = 2 >> lock directory = /var/log/samba/locks/ >> state directory = /var/log/samba/state/ >> cache directory = /var/log/samba/cache/ >> pid directory = /var/log/samba/pid/ >> usershare path = /var/log/samba/usershare/ >> printjob username = %M\%U >> hide dot files = No[netlogon] >> path = /etc/samba/netlogon >> >> ; max protocol = smb2 >> >> kernel oplocks = no >> oplocks = no >> level2 oplocks = no >> posix locking = no >> >> follow symlinks = yes >> wide links = yes >> unix extensions = no >> nt acl support = no >> >> printing = lprng >> printcap name = /usr/local/samba/lib/printcap >> load printers = yes >> print command = /usr/bin/lpr -P%p %s; rm %s >> lpq command = /usr/bin/lpq -P%p >> lprm command = /usr/bin/lprm -P%p %j >> printcap cache time = 0 >> >> ### speed tuning >> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE >> write raw = yes >> read raw = no >> >> ### for japanese font :( >> dos charset = cp932 >> display charset = cp932 >> unix charset = cp932 >> >> ; profiles drammatically slow the logout so I disabled >> ; [profiles] >> ; comment = Network Profiles Share >> ; path = /etc/samba/profiles >> ; read only = No >> ; store dos attribute = Yes >> ; create mask = 0600 >> ; directory mask = 0700 >> ; browseable = no >> >> >> [netlogon] >> path = /etc/samba/netlogon >> writeable = no >> public = yes >> >> [root] >> comment = Root di %h >> path = / >> read only = yes >> public = no >> locking = no >> >> [printers] >> printable = yes >> public = yes >> writable = no >> guest ok = yes >> >> #create mode = 0700 >> >> [homes] >> comment = Users Home Directories >> read only = No >> create mask = 0644 >> directory mask = 0711 >> browseable = No >> valid users = %S >> ; %S = the name of the current service, if any. service = map name, >> ; so map name A-USER can only be connected by A-USER, %S = %u >> ; >> ; By default, \\server\username shares can be connected to by anyone >> ; with access to the samba server. This parameter make sure that only >> ; username can connect to \\server\username >> >> [project] >> comment = Group project directories >> path = /usr/local/samba/lib/prj ;this path contains several links to >> nfs >> read only = no >> writable = yes >> create mode = 0775 >> force create mode = 0775 >> directory mode = 02775 >> force directory mode = 02775 >> public = no >> oplocks = no >> ,,,,,,,,,,,, continues but not important! >> >> >> >> As you can see in the smb.conf I added 'nis homedir = yes' and 'homedir >> map = auto.home' >> Samba- 3.6.9-151.el6 is included in CentOS 6.4 so to check if has been >> compiled with configure --with-automount I used the command 'smbd -b|grep >> -i automount': >> >> [root@dork]#smbd -b| grep -i automount >> WITH_AUTOMOUNT >> WITH_AUTOMOUNT >> >> this is a piece of my /etc/auto.home: >> >> pippo server1:/dati3/export/home/& >> pluto server2:/iscsi/home/& >> #paperino server1:/dati2/export/home/& >> mickeymouse server2:/iscsi/home/& >> spiderman server1:/dati2/export/home/& >> ,,,,,,,,,,, continues but not important! >> >> Now after samba configuration I'm able to join the 'DORK' domain from >> win7 and at login the latter mounts all resources declared through >> logon.bat without problem except the user's home directory because 'nis >> homedir' fails. >> >> I think, M: is not mounted on win7 because the variable %N is black >> (strange!), I can say that because I also added %N to the file log name >> 'log file = /var/log/samba/test/%N_%p.log (but even %p is blank!), from man >> smb.conf The NIS auto.map entry is split up as %N:%p, and if >> --with-automount is not added during the compile %N become %L.....but in my >> case %N is black not %L... >> >> >> logon drive = M: >> logon home = \\%N\%U >> >> >> After, I did other tests: I started winbind services but I think nis no >> needs it >> >> You can see the log regarding the connection between the samba server and >> a win7 pc named 'ORDONA', login username 'guest', all on >> http://www.wepaste.com/vincenzo/ >> >> >> Where 'nis homedir' fails? Or is there a known bug? >> >> >> >> -- >> Vincenzo De Sanctis >> > > > > -- > Vincenzo De Sanctis > -- Vincenzo De Sanctis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
