Stroller wrote:
Hi there,

This is probably a dumb question, so my apologies, but I've set up WinBind on my Samba box & it seems to be authenticating against the domain, however new user accounts do not seem to be added.

They will never be added: you're using winbind to avoid that!
Don't forget that add user script is used when Samba is acting as a domain controller, but that's not the case here.
Winbind is used to simulate local unix users instead of creating them locally.


`wbinfo -u` returns a list of the users on the domain and I seem to have setup my IMAP server correctly to authenticate against that (using PAM), as I see the following in /var/log/messages when I try to log in to my IMAP server:

    Dec 12 11:33:37 baby imapd: Connection, ip=[127.0.0.1]
    Dec 12 11:33:37 baby pam_winbind[32640]: user 'ned' granted access
    Dec 12 11:33:37 baby pam_winbind[32640]: user 'ned' granted access
    Dec 12 11:33:37 baby imapd: networkned: chdir(/home/DOMAIN/ned) failed!!
    Dec 12 11:33:37 baby imapd: error: No such file or directory
    Dec 12 11:33:37 baby imapd: LOGIN FAILED, user=networkned, ip=[127.0.0.1]
    Dec 12 11:33:37 baby imapd: authentication error: No such file or directory

Initially in smb.conf I had simply uncommented the line which says:
  add user script = /usr/sbin/useradd -s /bin/false '%u'
but of course (as pointed out on the IRC channel) `useradd` requires the -m flag in order to create a home directory for the user, so I set it like this:
  add user script = /usr/sbin/useradd -m -s /bin/false '%u'
but that gives me the same error.

The log shows that the IMAP server is trying to chdir into the home directory "/home/DOMAIN/ned", so I'm unclear on how `useradd` is being called - is it being called as `/usr/sbin/useradd -m -s /bin/false 'DOMAIN/ned'` or as something else?

See my previous answer ...
If you want your Windows users to log on to your Samba server for IMAP, first create a home directory with correct permissions ... (I know pam_mkhomedir.so exists, but I've never played with it.) Anyway: why do you want Windows users to log on to your IMAP server? Have you already configured your sendmail (or postfix) MTA server to work with Windows users? Your MTA server will have to know where to look for virtual users and where to drop mails ....
Question is: what's the context of the whole thing?


Obviously I would try adding the user manually in order to troubleshoot this, but I'd like to establish what '%u' Samba is passing to `useradd` first. Consequently I edited the "add user script" as below, but nothing is written to /tmp/foo.
  add user script = /root/foo.sh '%u'

    # ls -l /root/foo.sh
    -rwxrwxrwx  1 root root 54 Dec 12 11:31 /root/foo.sh
    # ls -l /tmp/foo
    -rw-rw-rw-  1 root root 15 Dec 12 11:31 /tmp/foo
    # cat /tmp/foo
    gjitijt jgitjt
    # cat /root/foo.sh
    #!/bin/bash
    echo "$@" >> /tmp/foo
    exit 0
    # /root/foo.sh howdy doody
    # cat /tmp/foo
    gjitijt jgitjt
    howdy doody
    #

I've added a subdirectory of /home for the DOMAIN, but that makes no difference:

    # ls -ld /home/
    drwxr-xr-x  4 root root 120 Dec 12 11:17 /home/
    baby ~ # ls -l /home/
    total 0
    drwxr-xr-x  2 root     root   48 Dec 12 11:17 DOMAIN
    drwxr-xr-x  3 stroller users 192 Dec  7 12:32 stroller

I'm not an expert at PAM, so maybe that's what I'm doing wrong?

    # cat /etc/pam.d/imap
    auth       required     pam_nologin.so
    auth       required     pam_winbind.so
    account    sufficient   pam_winbind.so
    account    required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth

I don't see what I'm doing wrong here, so I'd be extremely grateful for any suggestions,

Stroller.
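
The reply's advice to create the home directory first with correct permissions, as an added example that is not part of the thread: a shell function that reads passwd-format lines and creates each missing home below a base directory with mode 0700. The function name `make_homes` and its `PREFIX` staging argument are assumptions made for this example.

```bash
# Added example, not code from the thread. PREFIX is an assumed staging
# argument for dry runs; leave it empty on the real system.
#
# make_homes BASE [PREFIX]
#   stdin: passwd-format lines, as printed by `getent passwd USER`
#   Creates each missing home directory below BASE with mode 0700.
#   Prints "created", "exists" or "skipped" followed by the home path.
make_homes() {
    local base="${1%/}" prefix="${2:-}"
    local name pw uid gid gecos home shell target
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ -n "$name" ] || continue
        case "$home" in
            */../*|*/..) echo "skipped $home"; continue ;;  # path traversal
            "$base"/?*) ;;                                   # below BASE: accept
            *) echo "skipped $home"; continue ;;            # outside BASE
        esac
        # uid and gid must both be present and numeric
        case "$uid:$gid" in
            *[!0-9:]*|:*|*:) echo "skipped $home"; continue ;;
        esac
        target="$prefix$home"
        if [ -L "$target" ]; then        # do not follow a planted symlink
            echo "skipped $home"; continue
        elif [ -e "$target" ]; then      # leave existing directories alone
            echo "exists $home"; continue
        fi
        mkdir -p "$(dirname "$target")"
        mkdir -m 0700 "$target" || continue
        # Only root can hand the directory to the domain user.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$uid:$gid" "$target" || echo "chown failed: $home" >&2
        fi
        echo "created $home"
    done
}

# Typical use on the Samba box, run as root:
#   wbinfo -u | while read -r u; do getent passwd "$u"; done | make_homes /home/DOMAIN
```

Only the final path component is checked for a symlink, so the base directory itself should be owned by root and not writable by other users.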

