On Mon, 2004-03-08 at 20:00, Arno Hahma wrote: > The problem was solved. Thanks to Stefan G�nther for help and for > providing a working > smb.conf excerpt, which helped to trace the problem. > > It turned out I had configured samba just right. The problem was, that > samba was not > compiled with ldap -support and winbindd simply did not ask for users > from the active directory domain controller. This was due to the fact, > that Gentoo Linux ebuild did not enable all the needed modules. All > problems disappeared after I recompiled samba-3.0.2a manually with all > the necessary configure --with -switches.
These should be on automatically, if your system has such support, but it doesn't harm to add them as well. > The other problem with creating users' home directories was solved as > well. It also turned out > I had configured PAM just right. The key to success is the keyword > "obey pam restrictions = yes" > in smb.conf. If that is not set, samba ignores PAM directives and > that's it. Of course, there are > still other problems like having to set /home permissions to 1777 since > PAM is apparently not run > as root and cannot create home directories, if /home is not world > writable. I don't actually like this, Is this with SSH? This is an OpenSSH bug/feature. This pam module requires root privilages. Try later OpenSSH versions, they are trying hard to support this stuff, but their privsep modal (which can be disabled) makes it hard. > since local shell users can create files directly on /home, which may > or may not be a problem. Also, PAM can only create one level of > directories, that is, the base dir must exist before this will work. > Thus, if you set "template homedir = /home/%D/%U" in smb.conf, make > sure the > directory %D exists in advance! Indeed. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
